Computer won't let me log in ! [Solved]


  • This topic is locked

#16
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs
Everything else ran fine, got stuck here:

5. In the Open box type %LOCALAPPDATA%\Google and click OK

After that it said: "Computer cannot find '%LOCALAPPDATA%\Google'. Make sure you typed the name correctly, and then try again." Three times.
Ran OTL as requested, shall I continue to run the last scan? Just wanted to make sure, as per the previous results.
Thank you :)

#17
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yep, run the FSS scan and post the logs I requested.

#18
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hello Godawgs :)

Norton removal went fine. Remove reg went OK, Google file not found as I said earlier. I do use Picasa, just so you know. And Gmail, of course.
OTL log: (Sorry... they're still there!)

OTL logfile created on: 10/19/2012 7:32:33 PM - Run 6
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.59% Memory free
3.98 Gb Paging File | 2.79 Gb Available in Paging File | 70.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 49.76 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/31 13:05:14 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/19 19:22:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/19 19:29:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 15:20:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/21 14:26:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 14:26:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 14:26:52 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 14:26:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 14:26:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 14:26:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 14:26:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 14:26:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 14:26:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 14:26:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 14:26:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 14:26:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 14:26:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 14:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 14:26:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 14:26:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 14:26:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 14:26:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 19:16:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 18:35:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 18:18:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 18:18:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 18:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 14:51:58 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/19 14:51:58 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/09/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/07/04 06:07:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2011/12/19 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF reDirect
[2010/03/20 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/04 02:49:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 03:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/03/13 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2008/08/18 08:06:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2010/05/20 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2010/08/10 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2010/05/20 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/31 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\Cindy\.minecraft
[2010/05/08 05:34:03 | 000,000,000 | -H-D | M] -- C:\Users\Cindy\AppData
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Application Data
[2012/04/04 14:16:04 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Contacts
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Cookies
[2012/10/19 19:22:33 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Desktop
[2012/09/14 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\DoctorWeb
[2012/10/14 15:22:49 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Documents
[2012/10/12 03:44:05 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Downloads
[2012/07/21 21:47:47 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Favorites
[2012/03/08 14:40:39 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Links
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Local Settings
[2012/01/05 20:17:25 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Music
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\My Documents
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\NetHood
[2012/09/20 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Cindy\New Folder
[2012/10/19 19:29:34 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Pictures
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\PrintHood
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Recent
[2010/03/25 19:03:46 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Saved Games
[2011/01/01 01:19:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Searches
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\SendTo
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Start Menu
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Templates
[2012/01/12 19:11:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Videos
[2006/11/02 01:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 03:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2008/08/18 08:18:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/11/13 02:21:02 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Application Data
[2010/11/13 02:20:43 | 000,000,000 | R--D | M] -- C:\Users\Guest\Contacts
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Cookies
[2012/10/19 18:54:44 | 000,000,000 | R--D | M] -- C:\Users\Guest\Desktop
[2012/08/05 20:44:46 | 000,000,000 | R--D | M] -- C:\Users\Guest\Documents
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Downloads
[2010/11/27 05:30:00 | 000,000,000 | R--D | M] -- C:\Users\Guest\Favorites
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Links
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Local Settings
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Music
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\My Documents
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\NetHood
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Pictures
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\PrintHood
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Recent
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Saved Games
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Searches
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\SendTo
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Start Menu
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Templates
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Videos
[2012/10/12 03:53:51 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010/03/15 21:51:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 00:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/10/27 02:51:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:5C321E34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Extras:

OTL Extras logfile created on: 10/19/2012 7:32:33 PM - Run 6
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.59% Memory free
3.98 Gb Paging File | 2.79 Gb Available in Paging File | 70.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 49.76 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024864D8-9EDF-43C6-B144-D2A7A11D9A42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0957B8CC-BD1E-4C02-8A96-DBD11B5DF6D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{208838A3-8460-4580-AB5C-0F021799C9C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{27FDEB3A-5284-4048-8CF6-EE1310D75892}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A733626-7291-4B5B-91FC-17735696B2CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35B03953-554C-4846-96A2-2919DA852E6D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3A616F37-29FA-45D5-BBD0-B31CADE42962}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B1DB43E-BE49-4BB5-9097-50D60ADDD7DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D1EF7FD-0C17-4F02-AD3B-405F729058E1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{51018119-318D-45C0-AD1B-6AF928EF2230}" = lport=445 | protocol=6 | dir=in | app=system |
"{551E1B5B-88BA-4133-A6B2-50ACF82C2B28}" = rport=10243 | protocol=6 | dir=out | app=system |
"{591CAAA6-6184-417E-B390-F7F79ADFB709}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F55AD6A-0E83-44CB-AA90-63E2B89F6094}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F6B4DB5-450A-4647-8D06-6396CB067101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{603A8BD0-4143-44BC-803D-4A9405B04EE8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CB72BF9-A452-4C40-898C-C73B211A16AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D1F31F4-491D-410B-A79A-1FE46C2052C9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{81E1D8CD-3AE2-4DF5-AFF4-0C82BC7D8340}" = rport=138 | protocol=17 | dir=out | app=system |
"{8643C9D3-0E46-4AD5-8251-18B43F70203F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92DEDBC8-C5E5-4CC3-A308-678C6B9C0DF5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A01BF944-EB34-44A6-8906-2AB4B9DCAE8D}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{AABE8393-2CC8-4AD7-86BC-990B0A639FF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DAC50E-FA64-4B15-81DE-A733E2713DA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0779F60-15BB-4B52-9E04-938CC6C953F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C846A653-4160-4986-AA0E-826CC05EB98A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E15C37CE-82D8-4CE1-B6DA-00B46F4F960A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E33CA958-721F-44F0-BDBF-DC38CAC91E39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E342FAB8-FC13-4C1A-A9F7-8B63A10D45C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED0EC886-E17F-4C00-A8BF-3894C9148350}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A73A87C-7E73-438C-90E9-1F79DA6BB56E}" = protocol=6 | dir=in | app=c:\windows\temp\7zs210b.tmp\symnrt.exe |
"{0E678A61-1B63-48B8-93D8-98805F397F23}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{0F5B07A5-6FCE-40DC-A386-CD59196FA0E9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{13A1D8AF-4967-4CFD-9AAE-AC80F622645E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A179ADC-795D-4C92-8CD5-FCAF82607811}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{249AF4DF-780F-44EE-A174-A50FCA839DE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2622A955-DF8E-4383-B6B5-22F13ECDCE99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{279BA005-70A8-4F85-BEB6-531CA6D60504}" = protocol=1 | dir=in | [email protected],-28543 |
"{29149483-E719-407C-87D1-ADF2BE1540CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C5FE000-3847-4529-B6A0-47A4C7B1E622}" = protocol=17 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"{30226DEA-83A9-46CE-96FE-0C99C6A0F42D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{3FC59BBF-0E34-4D0E-AE38-70DEE7F72AFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FD2854E-4457-41FE-9ED7-7F97CC05E9A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4112C661-99A3-4EB8-9B0E-EC4670264DF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4D4EF25F-711E-43A4-A151-F8190F544E49}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{52B9B602-8377-4ECD-86EF-50B8F9A60671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{567D0144-38BA-47A4-AC99-EBD1907FE18E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4C89DE-02FA-408B-B89C-7475C608EC7E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5C385125-0B57-43C0-BC08-97F8EABB8978}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CFFDE67-18DE-4E27-8559-D89F46303C98}" = protocol=1 | dir=out | [email protected],-28544 |
"{6F4D0CAA-DB95-4873-B721-44015076EE92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AE1CBF8-1762-45BC-9F85-B4E93FF09D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFC3082-24A0-4D00-93EC-8B1A5D984831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{7B196B37-D22C-4187-BCC3-BB752A083141}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{7BF90766-CDC0-412F-BAD9-4A90810D51FA}" = protocol=17 | dir=in | app=c:\windows\temp\7zs210b.tmp\symnrt.exe |
"{82D894EF-B995-4DE0-8888-7BD33734D3A4}" = dir=in | app=d:\setup\hpznui01.exe |
"{836C3E0B-30F0-410C-B39D-0C2107895D2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{93B7C916-0144-4125-B964-5CDF9C144B79}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{992B8D05-ECE2-465C-BA71-C9BD8070DC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{99672142-FFAD-4B07-8C1A-729FC9CD545E}" = protocol=58 | dir=out | [email protected],-28546 |
"{9DD456BA-2685-40E9-B640-639BED8AD6D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A74FCAD5-125C-40B2-B544-E80DD02F22A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEDD65D0-C0AC-44E0-90EA-D093BA357BE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B1338F43-F9CE-4ACD-938B-9087FFFE416D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5D5DDFC-43BB-4FEE-A38C-DA9CC1A2BC54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBD5A3D5-239F-4DFC-981E-CC9005EDBD74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0D52D64-9409-45CB-8119-8B95025EF1D6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8DF7560-20F2-4C10-AFCC-406E22FB177C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC4A4B96-24CC-45F0-8E2E-C8B2BACD299D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CC6B71EF-1BEF-462B-A9DF-611B4D3F6A91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFA8155F-592E-49C0-B6C5-E55AA15985D8}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{D698795C-B283-4702-BB5C-1BB753864680}" = protocol=6 | dir=out | app=system |
"{DEE4E370-FE06-409A-AE71-9CF77DA6AF12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5AF2C54-BDC3-4932-AF61-4F9BB74EB4F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9AFD4DF-5107-4850-AD47-F29798EA0809}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC137608-436E-434F-BE8D-6B380FDD855E}" = protocol=58 | dir=in | [email protected],-28545 |
"{F1689418-10F3-42DA-8D54-41FB8959B1E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1E1B2A6-5D10-4860-84A5-B4B07652559B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9459D96-6F32-423E-A507-28186354A5BD}" = protocol=6 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"TCP Query User{0971A184-A58B-4AA5-9924-0C9383DAE1BE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{CAB65313-8F88-4A6B-BA3C-52DF5360F12A}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{471CD80E-02F4-4A43-8196-E2A8EB8B117C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 8.1
"Blueline_is1" = Blueline 1.1.1
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"md5Base_is1" = md5Base version 1.2.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"vGrabber" = vGrabber
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2012 12:39:41 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 12:39:41 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 12:52:40 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 12:52:40 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 12:57:46 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 12:57:47 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 1:26:26 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 1:26:26 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 1:31:51 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/20/2012 1:31:51 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

[ System Events ]
Error - 10/18/2012 7:55:55 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/18/2012 7:56:37 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/18/2012 8:24:14 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/19/2012 10:53:13 AM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/19/2012 10:54:12 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/19/2012 11:03:31 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/19/2012 7:44:38 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/19/2012 7:49:50 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/20/2012 12:18:57 AM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/20/2012 12:39:54 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =


< End of report >


FSS log:

Farbar Service Scanner Version: 19-10-2012
Ran by Cindy (administrator) on 20-10-2012 at 03:12:55
Running from "C:\Users\Cindy\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-09 17:30] - [2012-06-01 14:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 16:24] - [2008-01-20 16:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Interesting this last scan....Thank you for your help Godawgs :)
  • 0

#19
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK......

Let's see if repairing the profiles registry key will solve the problem.

Step-1.

Run ERUNT and back up the registry.


Step-2.

Repair Vista Registry:

Boot up your computer to the Advanced Boot Options. To do that:

Reboot to the Advanced Boot Options

  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Repair Your Computer and press the Enter key.
  • Select your language preferences and click on Next. (See screenshot below).

    Posted Image
  • Select your user name and type in the password, and then click on OK.
  • Select which operating system you want to restore and then click on Next. (See screenshot below)
    NOTE: If Vista is not listed here, or it is blank, then it is ok. Click on Next anyway.

    Posted Image
  • The System Recovery Option menu will open. (See screenshot below)

    Posted Image
  • Click Command Prompt. A black Command Window will open. (See screenshot below)

    Posted Image
  • At the Command Prompt (Blinking Cursor) type in or Copy and Paste the following exactly:-

    CD C:\Windows\System32\Config
  • Press the Enter key, now type in:-

    REN system system.old
  • Press the Enter key, now type in:-

    COPY C:\Windows\System32\config\RegBack\System
  • Press the Enter key.
  • Back at the Command Prompt, type Exit and press the Enter key.
  • Back at the System Recovery Options screen click Restart and your computer should boot-up as normal.
Let me know the outcome and/or if any problems are encountered, thank you.


Step-3.

Let's see what SFC found/fixed.

  • Open an elevated command prompt. To do that:
    • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
    Posted Image
  • A black Command Window will open, (See screenshot below)

    Posted Image
  • Type or Copy and Paste the following command, and then press ENTER:
    • findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
A file named sfcdetails.txt will now be on the desktop. Copy and Paste the contents of this file in your next reply.


Step-4.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:SERVICES
SABKUTIL

:OTL
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys

:FILES
ipconfig /flushdns /c
C:\Program Files\SUPERAntiSpyware

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the box beside Scan All Users button <--- Important
  • Do Not click the Include 64bit Scans box.
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.


Step-6.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-7.

Things For Your Next Post:
1. The sfcdetails.txt file
2. The OTL fixes log
3. The new OTL.txt log
4. The RKReport.txt log
  • 0
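The `findstr` command in Step-3 of the post above copies every `[SR]` line of CBS.log into sfcdetails.txt, and on a healthy system that is hundreds of near-identical lines. The following Python script is an added example, not part of the original thread or of any tool named in it: it summarises such an extract and pulls out the files SFC repaired or could not repair. The function names are hypothetical, and the sample lines are constructed in the format of the extract posted in this thread.

```python
import re

# Shape of one [SR] line in CBS.log, as seen in the extract posted in this thread:
# 2012-10-18 17:36:57, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"[0-9a-fA-F]{8}\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
# A quoted file name such as [l:24{12}]"settings.ini". Quoted directory
# paths contain backslashes and are skipped on purpose.
QUOTED_NAME = re.compile(r'\]"([^"\\]+)"')

# Constructed sample (not taken from the thread): two complete batches, one
# unrepairable file, one repaired file, and a final batch that never finishes.
SAMPLE = r"""
2012-10-18 17:36:57, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:36:57, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:04, Info CSI 00000009 [SR] Verify complete
2012-10-18 17:37:04, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:04, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:09, Info CSI 0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, hash mismatch
2012-10-18 17:37:10, Info CSI 0000000d [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\System32"\[l:24{12}]"autochk.exe" from store
2012-10-18 17:37:11, Info CSI 0000000e [SR] Verify complete
2012-10-18 17:37:12, Info CSI 0000000f [SR] Verifying 42 (0x0000002a) components
2012-10-18 17:37:12, Info CSI 00000010 [SR] Beginning Verify and Repair transaction
"""


def file_name(msg):
    """Return the first quoted file name in an [SR] message, if any."""
    m = QUOTED_NAME.search(msg)
    return m.group(1) if m else "(unknown)"


def summarize_sfc(text):
    """Reduce an sfcdetails.txt extract to counts plus the lines that matter."""
    summary = {
        "batches_started": 0,
        "batches_completed": 0,
        "components_verified": 0,  # only batches that reached "Verify complete"
        "repaired": [],            # (timestamp, file) SFC restored from the store
        "unrepaired": [],          # (timestamp, file) SFC could not fix
        "unparsed": 0,             # lines that are not [SR] entries at all
    }
    pending = None  # component count of the batch currently open
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            summary["unparsed"] += 1
            continue
        msg = m.group("msg")
        batch = VERIFYING.match(msg)
        if batch:
            summary["batches_started"] += 1
            pending = int(batch.group(1))
        elif msg == "Verify complete":
            if pending is not None:
                summary["batches_completed"] += 1
                summary["components_verified"] += pending
                pending = None
        elif msg.startswith("Cannot repair"):
            summary["unrepaired"].append((m.group("ts"), file_name(msg)))
        elif msg.startswith("Repairing"):
            summary["repaired"].append((m.group("ts"), file_name(msg)))
    # A batch left open means the scan was interrupted or the extract is cut off.
    summary["truncated"] = pending is not None
    return summary


def needs_attention(summary):
    """True when the extract shows anything other than clean, complete batches."""
    return bool(summary["unrepaired"] or summary["truncated"] or summary["unparsed"])


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("needs attention:", needs_attention(result))
```

An extract that contains only the Verifying / Beginning / Verify complete triplets yields empty `repaired` and `unrepaired` lists, meaning SFC found nothing to fix in those batches.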

#20
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs
Stuck at step two. I ended up with a window that said
Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Put in Installation disk and restart your computer.
2. Choose Language Settings and then click next.
3. Click "repair your computer"

If you do not have this disc contact system administrator or computer manufacturer for assistance.

Status 0x0000000f


Based on that I kinda went hunting to see if there were cd's in the 'this laptop file' and found Toshiba recovery Media cd's. One and two
I also located a cd marked Vista 32bit repair disk (?) That said, proceed and skip this step for now and move on or no? Please advise.

Thank you :)

Cindy
  • 0

#21
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Did you get the Advanced Boot Options menu and then when you tried to enter "Repair Your Computer" you got the Windows failed to start error, or did you get the error when you tried to boot to the Advanced Boot Options?
  • 0

#22
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi
When I tried to enter "Repair Your Computer" I got the Windows failed to start error.
  • 0

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
How did you uninstall the old HP printer? And do you have the new HP printer installed now?

Please complete steps 3 through 7 of my last post #19 and let's see where we are then.
  • 0

#24
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hey godawgs

Here ya go. Thank you.

2012-10-18 17:36:57, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:36:57, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:04, Info CSI 00000009 [SR] Verify complete
2012-10-18 17:37:04, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:04, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:11, Info CSI 0000000d [SR] Verify complete
2012-10-18 17:37:12, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:12, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:15, Info CSI 00000011 [SR] Verify complete
2012-10-18 17:37:16, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:16, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:18, Info CSI 00000015 [SR] Verify complete
2012-10-18 17:37:19, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:19, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:21, Info CSI 00000019 [SR] Verify complete
2012-10-18 17:37:22, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:22, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:24, Info CSI 0000001d [SR] Verify complete
2012-10-18 17:37:25, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:25, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:27, Info CSI 00000021 [SR] Verify complete
2012-10-18 17:37:27, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:27, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:29, Info CSI 00000025 [SR] Verify complete
2012-10-18 17:37:29, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:29, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:31, Info CSI 00000029 [SR] Verify complete
2012-10-18 17:37:32, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:32, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:34, Info CSI 0000002d [SR] Verify complete
2012-10-18 17:37:34, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:34, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:36, Info CSI 00000031 [SR] Verify complete
2012-10-18 17:37:37, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:37, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:39, Info CSI 00000035 [SR] Verify complete
2012-10-18 17:37:40, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:40, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:41, Info CSI 00000039 [SR] Verify complete
2012-10-18 17:37:42, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:42, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:44, Info CSI 0000003d [SR] Verify complete
2012-10-18 17:37:45, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:45, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:47, Info CSI 00000041 [SR] Verify complete
2012-10-18 17:37:47, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:47, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:49, Info CSI 00000045 [SR] Verify complete
2012-10-18 17:37:50, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:50, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:52, Info CSI 00000049 [SR] Verify complete
2012-10-18 17:37:53, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:53, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:55, Info CSI 0000004d [SR] Verify complete
2012-10-18 17:37:55, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:55, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-10-18 17:37:57, Info CSI 00000051 [SR] Verify complete
2012-10-18 17:37:58, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:37:58, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:00, Info CSI 00000055 [SR] Verify complete
2012-10-18 17:38:00, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:00, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:02, Info CSI 00000059 [SR] Verify complete
2012-10-18 17:38:03, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:03, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:05, Info CSI 0000005d [SR] Verify complete
2012-10-18 17:38:06, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:06, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:08, Info CSI 00000061 [SR] Verify complete
2012-10-18 17:38:09, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:09, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:11, Info CSI 00000065 [SR] Verify complete
2012-10-18 17:38:12, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:12, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:14, Info CSI 00000069 [SR] Verify complete
2012-10-18 17:38:15, Info CSI 0000006a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:15, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:17, Info CSI 0000006d [SR] Verify complete
2012-10-18 17:38:17, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:17, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:19, Info CSI 00000071 [SR] Verify complete
2012-10-18 17:38:20, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:20, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:22, Info CSI 00000075 [SR] Verify complete
2012-10-18 17:38:22, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:22, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:26, Info CSI 00000079 [SR] Verify complete
2012-10-18 17:38:27, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:27, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:29, Info CSI 0000007d [SR] Verify complete
2012-10-18 17:38:29, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:29, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:31, Info CSI 00000081 [SR] Verify complete
2012-10-18 17:38:32, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:32, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:35, Info CSI 00000085 [SR] Verify complete
2012-10-18 17:38:36, Info CSI 00000086 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:36, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:42, Info CSI 00000089 [SR] Verify complete
2012-10-18 17:38:43, Info CSI 0000008a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:43, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:48, Info CSI 0000008d [SR] Verify complete
2012-10-18 17:38:48, Info CSI 0000008e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:48, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2012-10-18 17:38:55, Info CSI 00000092 [SR] Verify complete
2012-10-18 17:38:55, Info CSI 00000093 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:38:55, Info CSI 00000094 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:01, Info CSI 00000096 [SR] Verify complete
2012-10-18 17:39:01, Info CSI 00000097 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:01, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:07, Info CSI 0000009b [SR] Verify complete
2012-10-18 17:39:07, Info CSI 0000009c [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:07, Info CSI 0000009d [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:14, Info CSI 0000009f [SR] Verify complete
2012-10-18 17:39:14, Info CSI 000000a0 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:14, Info CSI 000000a1 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:24, Info CSI 000000ab [SR] Verify complete
2012-10-18 17:39:26, Info CSI 000000ac [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:26, Info CSI 000000ad [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:33, Info CSI 000000af [SR] Verify complete
2012-10-18 17:39:34, Info CSI 000000b0 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:34, Info CSI 000000b1 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:40, Info CSI 000000b3 [SR] Verify complete
2012-10-18 17:39:40, Info CSI 000000b4 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:40, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:47, Info CSI 000000b7 [SR] Verify complete
2012-10-18 17:39:47, Info CSI 000000b8 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:47, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-10-18 17:39:58, Info CSI 000000bb [SR] Verify complete
2012-10-18 17:39:58, Info CSI 000000bc [SR] Verifying 100 (0x00000064) components
2012-10-18 17:39:58, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-10-18 17:40:10, Info CSI 000000c1 [SR] Verify complete
2012-10-18 17:40:11, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:40:11, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-10-18 17:40:27, Info CSI 000000c5 [SR] Verify complete
2012-10-18 17:40:27, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:40:27, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2012-10-18 17:40:51, Info CSI 000000c9 [SR] Verify complete
2012-10-18 17:40:51, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2012-10-18 17:40:51, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2012-10-18 17:40:59, Info CSI 000000cd [SR] Verify complete
2012-10-18 17:40:59, Info CSI 000000ce [SR] Verifying 100 (0x00000064) components
2012-10-18 17:40:59, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:02, Info CSI 000000d1 [SR] Verify complete
2012-10-18 17:41:02, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:02, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:05, Info CSI 000000d5 [SR] Verify complete
2012-10-18 17:41:05, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:05, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:15, Info CSI 000000eb [SR] Verify complete
2012-10-18 17:41:16, Info CSI 000000ec [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:16, Info CSI 000000ed [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:23, Info CSI 000000f9 [SR] Verify complete
2012-10-18 17:41:23, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:23, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:26, Info CSI 000000fd [SR] Verify complete
2012-10-18 17:41:26, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:26, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:32, Info CSI 00000101 [SR] Verify complete
2012-10-18 17:41:32, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:32, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:39, Info CSI 00000105 [SR] Verify complete
2012-10-18 17:41:40, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:40, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2012-10-18 17:41:53, Info CSI 0000010a [SR] Verify complete
2012-10-18 17:41:54, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2012-10-18 17:41:54, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:00, Info CSI 0000010e [SR] Verify complete
2012-10-18 17:42:00, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:00, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:05, Info CSI 00000112 [SR] Verify complete
2012-10-18 17:42:05, Info CSI 00000113 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:05, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:16, Info CSI 00000116 [SR] Verify complete
2012-10-18 17:42:16, Info CSI 00000117 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:16, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:23, Info CSI 0000011a [SR] Verify complete
2012-10-18 17:42:24, Info CSI 0000011b [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:24, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:34, Info CSI 0000011e [SR] Verify complete
2012-10-18 17:42:34, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:34, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2012-10-18 17:42:50, Info CSI 00000145 [SR] Verify complete
2012-10-18 17:42:51, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:42:51, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2012-10-18 17:43:02, Info CSI 00000149 [SR] Verify complete
2012-10-18 17:43:02, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:43:02, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-10-18 17:43:26, Info CSI 0000014d [SR] Verify complete
2012-10-18 17:43:26, Info CSI 0000014e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:43:26, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2012-10-18 17:43:45, Info CSI 00000151 [SR] Verify complete
2012-10-18 17:43:46, Info CSI 00000152 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:43:46, Info CSI 00000153 [SR] Beginning Verify and Repair transaction
2012-10-18 17:43:59, Info CSI 00000155 [SR] Verify complete
2012-10-18 17:44:00, Info CSI 00000156 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:00, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-10-18 17:44:08, Info CSI 00000159 [SR] Verify complete
2012-10-18 17:44:08, Info CSI 0000015a [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:08, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2012-10-18 17:44:15, Info CSI 0000015d [SR] Verify complete
2012-10-18 17:44:16, Info CSI 0000015e [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:16, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2012-10-18 17:44:23, Info CSI 00000162 [SR] Verify complete
2012-10-18 17:44:24, Info CSI 00000163 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:24, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2012-10-18 17:44:40, Info CSI 00000166 [SR] Verify complete
2012-10-18 17:44:40, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:40, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2012-10-18 17:44:50, Info CSI 0000016a [SR] Verify complete
2012-10-18 17:44:51, Info CSI 0000016b [SR] Verifying 100 (0x00000064) components
2012-10-18 17:44:51, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:00, Info CSI 0000016e [SR] Verify complete
2012-10-18 17:45:01, Info CSI 0000016f [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:01, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:08, Info CSI 00000172 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-18 17:45:10, Info CSI 00000174 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-18 17:45:10, Info CSI 00000175 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-10-18 17:45:13, Info CSI 00000177 [SR] Verify complete
2012-10-18 17:45:13, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:13, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:21, Info CSI 0000017b [SR] Verify complete
2012-10-18 17:45:22, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:22, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:32, Info CSI 0000017f [SR] Verify complete
2012-10-18 17:45:32, Info CSI 00000180 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:32, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:44, Info CSI 00000184 [SR] Verify complete
2012-10-18 17:45:44, Info CSI 00000185 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:44, Info CSI 00000186 [SR] Beginning Verify and Repair transaction
2012-10-18 17:45:54, Info CSI 00000188 [SR] Verify complete
2012-10-18 17:45:54, Info CSI 00000189 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:45:54, Info CSI 0000018a [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:02, Info CSI 0000018c [SR] Verify complete
2012-10-18 17:46:02, Info CSI 0000018d [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:02, Info CSI 0000018e [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:11, Info CSI 00000190 [SR] Verify complete
2012-10-18 17:46:11, Info CSI 00000191 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:11, Info CSI 00000192 [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:21, Info CSI 00000197 [SR] Verify complete
2012-10-18 17:46:21, Info CSI 00000198 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:21, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:29, Info CSI 0000019b [SR] Verify complete
2012-10-18 17:46:30, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:30, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:43, Info CSI 0000019f [SR] Verify complete
2012-10-18 17:46:43, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:43, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:54, Info CSI 000001a3 [SR] Verify complete
2012-10-18 17:46:54, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:54, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2012-10-18 17:46:57, Info CSI 000001a7 [SR] Verify complete
2012-10-18 17:46:58, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:46:58, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-10-18 17:47:10, Info CSI 000001ab [SR] Verify complete
2012-10-18 17:47:11, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2012-10-18 17:47:11, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-10-18 17:47:20, Info CSI 000001af [SR] Verify complete
2012-10-18 17:47:20, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:47:20, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-10-18 17:47:27, Info CSI 000001b3 [SR] Verify complete
2012-10-18 17:47:27, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:47:27, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-10-18 17:47:53, Info CSI 000001b7 [SR] Verify complete
2012-10-18 17:47:54, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2012-10-18 17:47:54, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-10-18 17:47:58, Info CSI 000001bb [SR] Verify complete
2012-10-18 17:47:58, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2012-10-18 17:47:58, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2012-10-18 17:48:06, Info CSI 000001bf [SR] Verify complete
2012-10-18 17:48:07, Info CSI 000001c0 [SR] Verifying 90 (0x0000005a) components
2012-10-18 17:48:07, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2012-10-18 17:48:15, Info CSI 000001cc [SR] Verify complete
2012-10-18 17:48:15, Info CSI 000001cd [SR] Repairing 1 components
2012-10-18 17:48:15, Info CSI 000001ce [SR] Beginning Verify and Repair transaction
2012-10-18 17:48:15, Info CSI 000001d0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-18 17:48:15, Info CSI 000001d2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-10-18 17:48:15, Info CSI 000001d3 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-10-18 17:48:15, Info CSI 000001d5 [SR] Repair complete
2012-10-18 17:48:15, Info CSI 000001d6 [SR] Committing transaction
2012-10-18 17:48:15, Info CSI 000001da [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired



OTL fix scan:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service SABKUTIL stopped successfully!
Service SABKUTIL deleted successfully!
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
Registry value HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d34665a-4781-11e0-9c87-001e336bffb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d34665a-4781-11e0-9c87-001e336bffb4}\ not found.
File E:\LaunchU3.exe -a not found.
File move failed. \kwdoqpob.sys scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cindy\Desktop\cmd.bat deleted successfully.
C:\Users\Cindy\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\SUPERAntiSpyware not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Cindy
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Guest
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2140181837 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1777994 bytes

Total Files Cleaned = 2,043.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 10212012_142335

Files\Folders moved on Reboot...
File move failed. \kwdoqpob.sys scheduled to be moved on reboot.
File\Folder C:\Windows\temp\~DFE6F1.tmp not found!
File\Folder C:\Windows\temp\~DFE6FB.tmp not found!
File\Folder C:\Windows\temp\~DFE737.tmp not found!
File\Folder C:\Windows\temp\~DFE73D.tmp not found!
File\Folder C:\Windows\temp\~DFE757.tmp not found!
File\Folder C:\Windows\temp\~DFE75D.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL.txt

OTL logfile created on: 10/21/2012 2:38:05 PM - Run 7
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 60.69% Memory free
3.98 Gb Paging File | 3.08 Gb Available in Paging File | 77.41% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 51.49 Gb Free Space | 46.67% Space Free | Partition Type: NTFS
Drive D: | 3.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 15:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/21 14:24:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/19 19:29:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- \_OTL
[2012/10/12 15:20:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/21 14:28:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 14:28:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 14:28:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 14:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 14:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/21 14:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 14:51:58 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/19 14:51:58 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/09/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/07/04 06:07:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2011/12/19 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF reDirect
[2010/03/20 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/04 02:49:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 03:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/03/13 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2008/08/18 08:06:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2010/05/20 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2010/08/10 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2010/05/20 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/31 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\Cindy\.minecraft
[2010/05/08 05:34:03 | 000,000,000 | -H-D | M] -- C:\Users\Cindy\AppData
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Application Data
[2012/04/04 14:16:04 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Contacts
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Cookies
[2012/10/21 14:24:11 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Desktop
[2012/09/14 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\DoctorWeb
[2012/10/14 15:22:49 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Documents
[2012/10/12 03:44:05 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Downloads
[2012/07/21 21:47:47 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Favorites
[2012/03/08 14:40:39 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Links
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Local Settings
[2012/01/05 20:17:25 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Music
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\My Documents
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\NetHood
[2012/09/20 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Cindy\New Folder
[2012/10/19 19:29:34 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Pictures
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\PrintHood
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Recent
[2010/03/25 19:03:46 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Saved Games
[2011/01/01 01:19:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Searches
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\SendTo
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Start Menu
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Templates
[2012/01/12 19:11:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Videos
[2006/11/02 01:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 03:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2008/08/18 08:18:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/11/13 02:21:02 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Application Data
[2010/11/13 02:20:43 | 000,000,000 | R--D | M] -- C:\Users\Guest\Contacts
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Cookies
[2012/10/19 18:54:44 | 000,000,000 | R--D | M] -- C:\Users\Guest\Desktop
[2012/08/05 20:44:46 | 000,000,000 | R--D | M] -- C:\Users\Guest\Documents
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Downloads
[2010/11/27 05:30:00 | 000,000,000 | R--D | M] -- C:\Users\Guest\Favorites
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Links
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Local Settings
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Music
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\My Documents
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\NetHood
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Pictures
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\PrintHood
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Recent
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Saved Games
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Searches
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\SendTo
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Start Menu
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Templates
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Videos
[2012/10/12 03:53:51 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010/03/15 21:51:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 00:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/10/27 02:51:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:5C321E34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

As for the printer, I straight uninstalled it. Install new? Nope. Not until I'm squared. I figure that's the best chance I have for success. Besides, I kinda wanted all the old one completely out before I started. So I'll be hunting down those other files first that I see. Besides, that being a whole nother issue, Adobe says I need to install a printer even after it's installed. So I need to figure that out as well. And that's been a problem since I bought this laptop. It's such a pain, sometimes. :rolleyes:
Thank you for your help, godawgs. I really appreciate it!

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The files that SFC was not able to repair were the settings.ini files for Windows Sidebar, so that's no big deal. Everything else in the CBS log looked OK.

Where is the RKreport.txt log from RogueKiller? That was Step 6 in post 19.

#26
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
:blush: sorry 'bout that cut it off accidentally.....



RKreport

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Scan -- Date : 10/21/2012 15:02:39

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] {1BC01BCA-762D-4B7E-BB9D-F7B4D455C0A8} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0RKH481\MFInstall[1].exe" -d C:\Users\Cindy\Desktop -> FOUND
[TASK][SUSP PATH] {1BCB3AB5-D783-4110-AC54-B11B35A52F9F} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EVETCUZ\erunt-setup[1].exe" -d C:\Users\Cindy\Desktop -> FOUND
[TASK][SUSP PATH] {659B84B8-DCA3-48A2-A9AA-E812F7808B00} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ECK4RB8\slb8v220[1].exe" -d C:\Users\Cindy\Desktop -> FOUND
[TASK][SUSP PATH] {90F57DF0-8493-4382-8630-BD2E60189FBB} : C:\Windows\System32\pcalua.exe -a C:\Users\Cindy\Desktop\kntsetup.exe -d C:\Users\Cindy\Desktop -> FOUND
[TASK][SUSP PATH] {A0945FEA-A82D-4AB0-9705-CC8DFF809A6D} : C:\Windows\System32\pcalua.exe -a C:\Users\Cindy\Desktop\ToolBarSD.exe -d C:\Users\Cindy\Desktop -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1246GSX +++++
--- User ---
[MBR] 333509ccec37e10f777d045a76424e11
[BSP] fa8e8eede9515186a1b2b92ae253de15 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112971 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

There's a quarantine folder on my desktop also.
Thank you for your time :)

#27
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Re-run RogueKiller

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-2.

OTL Scan

Please re-open OTL
  • Double click the OTL icon on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the box beside Scan All Users button <--- Important
  • Do Not click the Include 64bit Scans box.
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-3.

Things For Your Next Post:
1. The RKReport.txt logs
2. The new OTL.txt log

#28
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs

One

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Remove -- Date : 10/22/2012 15:11:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][PREVRUN] {1BC01BCA-762D-4B7E-BB9D-F7B4D455C0A8} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0RKH481\MFInstall[1].exe" -d C:\Users\Cindy\Desktop -> DELETED
[TASK][PREVRUN] {1BCB3AB5-D783-4110-AC54-B11B35A52F9F} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EVETCUZ\erunt-setup[1].exe" -d C:\Users\Cindy\Desktop -> DELETED
[TASK][PREVRUN] {5C085C62-750F-4B3F-BB02-9C5BD5C9F167} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\Imikimi\uninstall.exe" -> DELETED
[TASK][PREVRUN] {659B84B8-DCA3-48A2-A9AA-E812F7808B00} : C:\Windows\System32\pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ECK4RB8\slb8v220[1].exe" -d C:\Users\Cindy\Desktop -> DELETED
[TASK][PREVRUN] {90F57DF0-8493-4382-8630-BD2E60189FBB} : C:\Windows\System32\pcalua.exe -a C:\Users\Cindy\Desktop\kntsetup.exe -d C:\Users\Cindy\Desktop -> DELETED
[TASK][PREVRUN] {A0945FEA-A82D-4AB0-9705-CC8DFF809A6D} : C:\Windows\System32\pcalua.exe -a C:\Users\Cindy\Desktop\ToolBarSD.exe -d C:\Users\Cindy\Desktop -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1246GSX +++++
--- User ---
[MBR] 333509ccec37e10f777d045a76424e11
[BSP] fa8e8eede9515186a1b2b92ae253de15 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112971 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



two

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/22/2012 15:12:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 112 / Fail 0
My documents: Success 4 / Fail 4
My favorites: Success 0 / Fail 0
My pictures: Success 6 / Fail 0
My music: Success 20 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 126 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



and OTL


OTL logfile created on: 10/22/2012 3:23:33 PM - Run 8
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.73% Memory free
3.98 Gb Paging File | 2.87 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 51.06 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
Drive D: | 3.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/31 13:05:14 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/10/22 15:09:58 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52E9099A-59EC-497C-836B-4B18D48E3174}\MpKsl0ce83484.sys -- (MpKsl0ce83484)
DRV - [2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/22 15:12:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/19 19:29:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- \_OTL
[2012/10/12 15:20:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/22 15:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/22 15:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/22 14:28:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 14:28:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 20:06:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 14:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 14:51:58 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/19 14:51:58 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | R-S- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/09/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/07/04 06:07:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2011/12/19 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF reDirect
[2010/03/20 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/04 02:49:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 03:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/03/13 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2008/08/18 08:06:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2010/05/20 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2010/08/10 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2010/05/20 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/31 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\Cindy\.minecraft
[2010/05/08 05:34:03 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Application Data
[2012/04/04 14:16:04 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Contacts
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Cookies
[2012/10/22 15:12:07 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Desktop
[2012/09/14 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\DoctorWeb
[2012/10/14 15:22:49 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Documents
[2012/10/12 03:44:05 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Downloads
[2012/07/21 21:47:47 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Favorites
[2012/03/08 14:40:39 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Links
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Local Settings
[2012/01/05 20:17:25 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Music
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\My Documents
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\NetHood
[2012/09/20 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Cindy\New Folder
[2012/10/19 19:29:34 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Pictures
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\PrintHood
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Recent
[2010/03/25 19:03:46 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Saved Games
[2011/01/01 01:19:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Searches
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\SendTo
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Start Menu
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Templates
[2012/01/12 19:11:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Videos
[2006/11/02 01:18:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 03:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2008/08/18 08:18:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/11/13 02:21:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Application Data
[2010/11/13 02:20:43 | 000,000,000 | R--D | M] -- C:\Users\Guest\Contacts
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Cookies
[2012/10/19 18:54:44 | 000,000,000 | R--D | M] -- C:\Users\Guest\Desktop
[2012/08/05 20:44:46 | 000,000,000 | R--D | M] -- C:\Users\Guest\Documents
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Downloads
[2010/11/27 05:30:00 | 000,000,000 | R--D | M] -- C:\Users\Guest\Favorites
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Links
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Local Settings
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Music
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\My Documents
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\NetHood
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Pictures
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\PrintHood
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Recent
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Saved Games
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Searches
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\SendTo
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Start Menu
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Templates
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Videos
[2012/10/12 03:53:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Desktop
[2010/03/15 21:51:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Public\Favorites
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/10/27 02:51:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:5C321E34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Sorry, no change. Still waiting for links and running as administrator to avoid it.

#29
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

Those 04 Startup entries just won't go away.


Step-1.

  • Open the Control Panel and click the Hardware and Sound category.
  • Under the Printers category, click Remove a Printer. The Printers page will open.
  • Look and see if the printer you uninstalled is listed. If it is, right click it and click Delete.
  • Close the Printers Window. You will be back at the Hardware and Sound page.
  • Click the back arrow at the top left of the window to get back to the Control Panel home page.
  • Click the System and Maintenance category. Click System. The System page will open.
  • In the left hand column click Advanced system settings and click Continue on the UAC warning. A System Properties Window will open.
  • Click the Hardware tab then click the Device Manager button. The Device Manager will open.
  • Click the + beside Printers. If the printer you uninstalled is there, right click it and click Uninstall.
  • Close the Device Manager and the Control Panel.

Step-2

Now see if you can complete the instructions in Step 2 of Post #19

If you can complete the instructions, run a new OTL scan using Scan All Users and post the OTL.txt log. And Stop here.

If you can't complete the instructions, let's get a Farbar scan and see if that can tell us anything.


Step-3.

Run FRST from a USB

Download the programs using a Clean computer.

Download the following three programs to your desktop:

1. WiNToBootIc
Will make a bootable USB
2. Windows Vista RC
This is the Recovery Console or Recovery Environment
3. For 32bit systems download Farbar Recovery Scan Tool
This is the scanning tool

  • Extract Wintoboot to your desktop
  • Insert a USB drive of at least 4GB
  • Run Wintoboot (Vista / 7 users: May need to right click the file and click Run as Administrator)

  • Drag and drop the RepairDiscWindowsVista32-bit.ISO file to the program in the space indicated
  • Tick the Quick Format box and accept the warnings
  • Press Do It

    You will see it progressing

    It will let you know when it is done
  • Then copy FRST to the same USB


  • Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
    NOTE 1: When the TOSHIBA splash screen is displayed when you first turn on your computer, a boot menu prompt may be displayed for a few seconds near the bottom of the screen, indicating that a key (F2 or F12, for example) can be pressed to display a menu of boot options. The time allowed for detecting the keypress is very brief, so you'll need to be both prepared and quick.
    Press the key for USB. If your machine doesn't have this feature, you will need to set the computer to boot from the USB in the BIOS
    Note 2: If you are not sure how to do that, follow the instructions Here

  • When you reboot you will see an image like the one below. Click repair my computer
  • Select your operating system. Yours should say Windows Vista.
  • Select Command prompt
  • At the command prompt type notepad and press Enter. The notepad opens.
  • Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Step-4.

Things For Your Next Post:
1. Let me know what you found with the printer.
2. If you were able to complete the instructions in Step 2 of post #19 post the new OTL.txt log
3. If you weren't able to complete the instructions in Step 2 of post #19, post the FRST.txt log

#30
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs

Things For Your Next Post:
1. Let me know what you found with the printer.


I have no printers in control panel > printers; I have Microsoft XPS Document Writer, send to one note 2007 and send to one note 2010. There's no printer listed in device manager. I even checked inside every other item listed just to make sure one wasn't hiding some place that was not obvious. Both One note's can and will be uninstalled. Along with their counterparts, just waiting until I'm done here before I start uninstalling stuff.



2. If you were able to complete the instructions in Step 2 of post #19 post the new OTL.txt log


I did try anyway, same result. Nope. (Sorry, it will not cooperate.) Also noticed after reboot...something small but nonetheless: The folders on my desktop lost their pages. I have two icons I did not have before: Cindy and Computer. The Cindy folder is the only one with pages...file tabs sticking out. That file looks to be a user file? There are quite a few NTUSER.dat files there as well. Quite strange. This file and the Computer link were not there before. Default entries returned?

3. If you weren't able to complete the instructions in Step 2 of post #19, post the FRST.txt log


Sadly, Here it is...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2012
Ran by SYSTEM at 23-10-2012 18:00:22
Running from G:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-07-31] (Google)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-10] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
HKU\Cindy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Cindy\...\Run: [toscdspd] TOSCDSPD.EXE [x]
HKU\Cindy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Guest\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\Cindy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-04-16] (TOSHIBA CORPORATION)
4 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-07-31] (Google)
4 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
4 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [431456 2008-02-06] (TOSHIBA Corporation)
4 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2007-12-03] (TOSHIBA Corporation)
4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-12] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-31] (Microsoft Corporation)
3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [11232 2011-04-24] ()
3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [x]
3 Serenum; C:\Windows\system32\drivers\serenum.sys [x]
3 Serial; C:\Windows\system32\drivers\serial.sys [x]
3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [x]
3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [x]
3 sisagp; C:\Windows\system32\drivers\sisagp.sys [x]
3 uagp35; C:\Windows\system32\drivers\uagp35.sys [x]
3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [x]
3 viaagp; C:\Windows\system32\drivers\viaagp.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-23 18:00 - 2012-10-23 18:00 - 00000000 ____D C:\FRST
2012-10-23 07:32 - 2012-10-23 08:28 - 00000618 ____A C:\Users\Cindy\Desktop\godawgs.txt
2012-10-22 21:37 - 2012-10-22 21:37 - 00000199 ____A C:\Users\Cindy\Desktop\gmail advice.txt
2012-10-22 21:19 - 2012-10-22 21:19 - 00000471 ____A C:\Users\Cindy\Desktop\gooddecked host file.txt
2012-10-22 17:32 - 2012-10-22 17:32 - 00102012 ____A C:\Users\Cindy\Desktop\OTL.Txt
2012-10-22 17:12 - 2012-10-22 17:12 - 00001110 ____A C:\Users\Cindy\Desktop\RKreport[3].txt
2012-10-22 17:11 - 2012-10-22 17:11 - 00002574 ____A C:\Users\Cindy\Desktop\RKreport[2].txt
2012-10-22 17:10 - 2012-10-22 17:10 - 00002528 ____A C:\Users\Cindy\Desktop\RKreport[1].txt
2012-10-21 21:27 - 2012-10-21 21:30 - 00000000 ____D C:\Users\Cindy\Desktop\laptop help godawgs )
2012-10-21 21:14 - 2012-10-21 21:15 - 00000000 ____D C:\Users\Cindy\Desktop\Jones family
2012-10-21 20:37 - 2012-10-21 20:37 - 00178587 ____A C:\Users\Cindy\Desktop\ucpl6clean.txt
2012-10-21 18:23 - 2012-10-21 18:23 - 00053684 ____A C:\Users\Cindy\Desktop\OTS.Txt
2012-10-21 17:00 - 2012-10-22 17:11 - 00000000 ____D C:\Users\Cindy\Desktop\RK_Quarantine
2012-10-21 16:59 - 2012-10-21 16:59 - 01425920 ____A C:\Users\Cindy\Desktop\RogueKiller.exe
2012-10-21 16:23 - 2012-10-21 16:23 - 00000000 ____D C:\_OTL
2012-10-21 08:05 - 2012-10-21 08:05 - 00001623 ____A C:\Users\Cindy\Desktop\ota notes.txt
2012-10-21 08:04 - 2012-10-21 08:04 - 00002527 ____A C:\Users\Cindy\Desktop\otsfixnotes.txt
2012-10-21 07:55 - 2012-10-21 07:55 - 00061440 ____A ( ) C:\Users\Cindy\Desktop\VEW.exe
2012-10-21 06:36 - 2012-10-21 06:36 - 00646656 ____A (OldTimer Tools) C:\Users\Cindy\Desktop\OTS.scr
2012-10-21 06:14 - 2012-10-21 06:14 - 00067855 ____A C:\Users\Cindy\Desktop\clean ots report.txt
2012-10-20 07:21 - 2012-10-21 08:05 - 00003713 ____A C:\Users\Cindy\Desktop\otsnotestips.txt
2012-10-20 06:08 - 2012-10-21 21:01 - 00179287 ____A C:\Users\Cindy\Desktop\UCPL6.txt
2012-10-20 05:07 - 2012-10-20 05:07 - 00694323 ____A (Farbar) C:\Users\Cindy\Desktop\FSS.exe
2012-10-19 21:22 - 2012-10-19 21:22 - 00001570 ____A C:\Users\Cindy\Desktop\remove.reg
2012-10-19 20:54 - 2012-10-19 20:54 - 00000685 ____A C:\Users\Guest\Desktop\ERUNT.lnk
2012-10-19 20:54 - 2012-10-19 20:54 - 00000685 ____A C:\Users\Cindy\Desktop\ERUNT.lnk
2012-10-19 18:19 - 2012-10-19 18:25 - 00000000 ____D C:\Users\Cindy\Desktop\laptop help
2012-10-18 20:46 - 2012-10-22 17:51 - 00310659 ____A C:\Users\Cindy\Desktop\godawgsnext.txt
2012-10-13 07:44 - 2012-10-16 19:56 - 00000432 ____A C:\DISKREPORT.TXT
2012-10-13 07:44 - 2012-10-16 19:56 - 00000010 ____A C:\COMMANDS.TXT
2012-10-13 07:25 - 2012-09-22 05:16 - 00600576 ____A (OldTimer Tools) C:\Users\Cindy\Desktop\OTL.exe
2012-10-12 17:20 - 2012-10-12 17:20 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-11 21:09 - 2012-10-11 21:09 - 00209863 ____A C:\Users\Cindy\Downloads\fwkraftmegacoolerprogramforselectdecahqapprovedst.zip
2012-10-11 17:22 - 2012-10-11 18:38 - 00001011 ____A C:\Users\Cindy\Desktop\flash drive can.txt
2012-10-11 17:11 - 2012-10-11 17:11 - 00000057 ____A C:\Users\All Users\Ament.ini
2012-10-09 19:30 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 19:30 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-09 19:30 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 19:30 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 19:30 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 19:30 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 19:30 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-04 21:34 - 2012-10-08 21:29 - 00001039 ____A C:\Users\Cindy\Desktop\good advice.txt
2012-10-03 08:33 - 2012-10-03 08:33 - 00054042 ____A C:\Users\Cindy\Desktop\ok.txt
2012-09-29 09:18 - 2012-10-22 08:44 - 00004003 ____A C:\Users\Cindy\Desktop\reg3notes.txt
2012-09-27 08:07 - 2012-10-21 21:26 - 00000000 ____D C:\Users\Cindy\Desktop\my scan results
2012-09-27 07:16 - 2012-10-21 21:17 - 00000000 ____D C:\Users\Cindy\Desktop\UCPL5
2012-09-26 21:06 - 2012-09-29 09:18 - 00000950 ____A C:\Users\Cindy\Desktop\reg3.txt
2012-09-24 06:42 - 2012-09-24 06:42 - 00484445 ____A C:\Users\Cindy\Desktop\Silent Runners.vbs

==================== 3 Months Modified Files ==================

2012-10-23 19:33 - 2010-03-13 22:24 - 02019177 ____A C:\Windows\WindowsUpdate.log
2012-10-23 19:33 - 2006-11-02 05:01 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-23 19:33 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-23 19:33 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-23 19:33 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-23 19:16 - 2012-04-10 17:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-23 19:05 - 2011-07-22 06:36 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-23 18:19 - 2006-11-02 02:33 - 00734026 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-23 08:28 - 2012-10-23 07:32 - 00000618 ____A C:\Users\Cindy\Desktop\godawgs.txt
2012-10-23 07:36 - 2011-07-22 06:36 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-22 21:37 - 2012-10-22 21:37 - 00000199 ____A C:\Users\Cindy\Desktop\gmail chrome advice.txt
2012-10-22 21:19 - 2012-10-22 21:19 - 00000471 ____A C:\Users\Cindy\Desktop\gooddecked host file.txt
2012-10-22 17:51 - 2012-10-18 20:46 - 00310659 ____A C:\Users\Cindy\Desktop\godawgsnext.txt
2012-10-22 17:32 - 2012-10-22 17:32 - 00102012 ____A C:\Users\Cindy\Desktop\OTL.Txt
2012-10-22 17:12 - 2012-10-22 17:12 - 00001110 ____A C:\Users\Cindy\Desktop\RKreport[3].txt
2012-10-22 17:11 - 2012-10-22 17:11 - 00002574 ____A C:\Users\Cindy\Desktop\RKreport[2].txt
2012-10-22 17:10 - 2012-10-22 17:10 - 00002528 ____A C:\Users\Cindy\Desktop\RKreport[1].txt
2012-10-22 08:44 - 2012-09-29 09:18 - 00004003 ____A C:\Users\Cindy\Desktop\reg3notes.txt
2012-10-21 21:15 - 2010-03-20 23:22 - 00165888 ____A C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-21 21:01 - 2012-10-20 06:08 - 00179287 ____A C:\Users\Cindy\Desktop\UCPL6.txt
2012-10-21 20:37 - 2012-10-21 20:37 - 00178587 ____A C:\Users\Cindy\Desktop\ucpl6clean.txt
2012-10-21 18:23 - 2012-10-21 18:23 - 00053684 ____A C:\Users\Cindy\Desktop\OTS.Txt
2012-10-21 16:59 - 2012-10-21 16:59 - 01425920 ____A C:\Users\Cindy\Desktop\RogueKiller.exe
2012-10-21 08:05 - 2012-10-21 08:05 - 00001623 ____A C:\Users\Cindy\Desktop\ota notes.txt
2012-10-21 08:05 - 2012-10-20 07:21 - 00003713 ____A C:\Users\Cindy\Desktop\otsnotestips.txt
2012-10-21 08:04 - 2012-10-21 08:04 - 00002527 ____A C:\Users\Cindy\Desktop\otsfixnotes.txt
2012-10-21 07:55 - 2012-10-21 07:55 - 00061440 ____A ( ) C:\Users\Cindy\Desktop\VEW.exe
2012-10-21 06:36 - 2012-10-21 06:36 - 00646656 ____A (OldTimer Tools) C:\Users\Cindy\Desktop\OTS.scr
2012-10-21 06:14 - 2012-10-21 06:14 - 00067855 ____A C:\Users\Cindy\Desktop\clean ots report.txt
2012-10-20 05:07 - 2012-10-20 05:07 - 00694323 ____A (Farbar) C:\Users\Cindy\Desktop\FSS.exe
2012-10-19 21:22 - 2012-10-19 21:22 - 00001570 ____A C:\Users\Cindy\Desktop\remove.reg
2012-10-19 20:54 - 2012-10-19 20:54 - 00000685 ____A C:\Users\Guest\Desktop\ERUNT.lnk
2012-10-19 20:54 - 2012-10-19 20:54 - 00000685 ____A C:\Users\Cindy\Desktop\ERUNT.lnk
2012-10-19 20:17 - 2010-06-06 16:54 - 00201070 ____A C:\Windows\PFRO.log
2012-10-19 06:52 - 2006-11-02 04:47 - 00357256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-16 19:56 - 2012-10-13 07:44 - 00000432 ____A C:\DISKREPORT.TXT
2012-10-16 19:56 - 2012-10-13 07:44 - 00000010 ____A C:\COMMANDS.TXT
2012-10-16 17:20 - 2010-11-15 22:08 - 00000190 ____A C:\Users\Cindy\Desktop\Geeks to Go! – Tech experts answer your questions.url
2012-10-16 17:07 - 2006-11-02 02:22 - 52166656 ____A C:\Windows\System32\config\software_previous
2012-10-16 17:07 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\components_previous
2012-10-16 17:07 - 2006-11-02 02:22 - 21757952 ____A C:\Windows\System32\config\system_previous
2012-10-16 17:07 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2012-10-16 17:07 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-10-16 17:07 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-10-12 17:20 - 2012-10-12 17:20 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-11 21:09 - 2012-10-11 21:09 - 00209863 ____A C:\Users\Cindy\Downloads\fwkraftmegacoolerprogramforselectdecahqapprovedst.zip
2012-10-11 18:38 - 2012-10-11 17:22 - 00001011 ____A C:\Users\Cindy\Desktop\flash drive can.txt
2012-10-11 17:15 - 2010-11-07 07:55 - 00013535 ____A C:\Users\All Users\hpzinstall.log
2012-10-11 17:11 - 2012-10-11 17:11 - 00000057 ____A C:\Users\All Users\Ament.ini
2012-10-10 05:06 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-10-09 05:16 - 2012-04-10 17:37 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 05:16 - 2011-05-20 06:06 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-08 21:29 - 2012-10-04 21:34 - 00001039 ____A C:\Users\Cindy\Desktop\good advice.txt
2012-10-03 08:33 - 2012-10-03 08:33 - 00054042 ____A C:\Users\Cindy\Desktop\ok.txt
2012-10-02 05:02 - 2011-01-27 03:10 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-29 09:18 - 2012-09-26 21:06 - 00000950 ____A C:\Users\Cindy\Desktop\reg3.txt
2012-09-24 06:42 - 2012-09-24 06:42 - 00484445 ____A C:\Users\Cindy\Desktop\Silent Runners.vbs
2012-09-23 08:53 - 2010-11-13 04:22 - 00101120 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-22 08:15 - 2012-09-22 08:15 - 00005310 ____A C:\Users\Cindy\Desktop\ct closing.txt
2012-09-22 05:16 - 2012-10-13 07:25 - 00600576 ____A (OldTimer Tools) C:\Users\Cindy\Desktop\OTL.exe
2012-09-21 07:19 - 2012-09-21 07:19 - 00001223 ____A C:\Users\Cindy\Desktop\bluelinetips.txt
2012-09-20 20:21 - 2012-01-01 23:06 - 00000877 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-20 04:11 - 2011-12-07 07:26 - 00000320 ____A C:\Users\Cindy\Desktop\Danny Sparks BorthwickObit Honolulu HI.url
2012-09-19 22:01 - 2010-03-18 19:02 - 00101120 ____A C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-16 07:39 - 2012-04-12 20:11 - 00004284 ____A C:\Windows\setupact.log
2012-09-13 18:22 - 2012-09-13 18:22 - 00001635 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-13 05:28 - 2012-10-09 19:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-11 21:09 - 2012-09-11 21:09 - 00219648 ____A (OldTimer Tools) C:\Users\Cindy\Desktop\OTA.exe
2012-09-07 19:04 - 2010-04-05 05:31 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-04 06:30 - 2012-09-04 06:30 - 00000166 ____A C:\Users\Cindy\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
2012-08-31 00:03 - 2012-08-31 00:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-31 00:03 - 2010-10-24 23:25 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-29 03:27 - 2012-10-09 19:30 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-29 03:27 - 2012-10-09 19:30 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-25 03:50 - 2012-09-21 16:26 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-25 03:50 - 2012-09-21 16:26 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-25 03:50 - 2012-09-21 16:26 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-25 03:48 - 2012-09-21 16:26 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-25 03:46 - 2012-09-21 16:26 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-25 03:45 - 2012-09-21 16:26 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-25 03:45 - 2012-09-21 16:26 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-25 03:45 - 2012-09-21 16:26 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-25 03:45 - 2012-09-21 16:26 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-25 03:44 - 2012-09-21 16:26 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-25 03:44 - 2012-09-21 16:26 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-25 02:11 - 2012-09-21 16:26 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-25 00:31 - 2012-09-21 16:26 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-25 00:31 - 2012-09-21 16:26 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-25 00:30 - 2012-09-21 16:26 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-25 00:29 - 2012-09-21 16:26 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:53 - 2012-10-09 19:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-21 15:01 - 2012-09-13 18:22 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 15:01 - 2011-06-27 20:41 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-19 22:31:56
Restore point made on: 2012-10-20 17:07:05
Restore point made on: 2012-10-21 16:24:03
Restore point made on: 2012-10-22 18:35:28
Restore point made on: 2012-10-23 08:54:32

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1915.39 MB
Available physical RAM: 1528.24 MB
Total Pagefile: 1735.71 MB
Available Pagefile: 1598.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.97 MB

==================== Partitions =============================

1 Drive c: (SQ004816V03) (Fixed) (Total:110.32 GB) (Free:59.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA System Volume) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
5 Drive g: () (Removable) (Total:3.74 GB) (Free:3.55 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 993 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 3830 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 110 GB 1501 MB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA Sys NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C SQ004816V03 NTFS Partition 110 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3830 MB 28 KB

=========================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G NTFS Removable 3830 MB Healthy

=========================================================

Last Boot: 2012-10-23 07:42

==================== End Of Log ============================



Gee. My life :lol: Ok, well .....There it is.
While doing what you asked, another something occurred... After selecting "repair your computer" a window popped up that said System Recovery Options...Windows found problems with your computer's startup options. Do you want to apply repairs and restart computer?
Repair/restart or No were the choices, I chose no. I did not know if it was important as it was not in your steps, so I thought I'd mention to make sure. Ok. Think that's it...

Sorry to be a pain, I totally did not think it was THIS bad :huh:
Thank you so much for your time.