Computer won't let me log in ! [Solved]


  • This topic is locked

#31
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Sorry to be a pain, I totally did not think it was THIS bad :huh:
Thank you so much for your time.

You're welcome and you aren't a pain.


While doing what you asked, another something occurred... After selecting "repair your computer" a window popped up that said System Recovery Options...Windows found problems with your computer's startup options. Do you want to apply repairs and restart computer?
Repair/restart or No were the choices, I chose no.

OK..let's go back there.


Step-1.

  • Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
    NOTE 1: When the TOSHIBA splash screen is displayed when you first turn on your computer, a boot menu prompt may be displayed for a few seconds near the bottom of the screen, indicating that a key (F2 or F12, for example) can be pressed to display a menu of boot options. The time allowed for detecting the keypress is very brief, so you'll need to be both prepared and quick.
    Press the key for USB. If your machine doesn't have this feature, you will need to set the computer to boot from the USB in the BIOS
    Note 2: If you are not sure how to do that follow the instructions Here

  • When you reboot you will see an image like the one below. Click Repair Your Computer
    Posted Image

    I'm assuming this is where you got the "System Recovery Options...Windows found problems with your computer's startup options. Do you want to apply repairs and restart computer?" message.

    This time select Repair and Restart.
  • The computer will reboot. Repeat Steps 1 and 2 to return to the System Recovery Options screen.
  • After System Recovery Options completes its scan this time, the Windows installation requiring the repair should be displayed in the list of operating systems. Normally, it is selected. If it's not, click it to select it. Yours should say Microsoft Windows Vista (See the screenshot below)

    Posted Image
  • Click Next

    You should see the Recovery Tools Window
    Posted Image
  • Click StartUp Repair. The system will be scanned and repairs will be attempted (it should only take a few seconds).
  • Click the Finish button.
  • This time, do not allow the computer to boot from the USB. Instead, when the computer starts booting up (Before the Windows screen) start tapping the F8 key to get to the Advanced Boot Options.
  • On the Advanced Boot Options screen, click Repair Your Computer. The Install Windows screen should appear. (See screenshot below)

    Posted Image
  • Select your language, Time/Currency and Keyboard and click Next
  • Select your user name and type in the password if it asks and click OK. The Operating System(s) to be repaired screen should come up. (See screenshot below)

    Posted Image
  • Click Microsoft Windows Vista to highlight it and click the Next button. A Choose A Recovery Tool screen will come up. (See the screenshot below)

    Posted Image
  • Do Not click a tool link, instead click the Restart button and let Windows load normally.

This tells us that the Repair Your Computer option is working normally again.

If this worked, continue to step 2. If it didn't, stop here and post back and tell me.


Step-2

1. Rerun OTL
2. Click the box beside Scan All Users
3. Click the RunScan button
The OTL.txt will be open on the desktop. Copy and paste it into your next reply.


Step-3.

Things For Your Next Post:
1. The new OTL.txt log IF the StartUp Repair worked.
  • 0


#32
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts

Hi Godawgs

No go, no dice...no joy. Ahhh!

I'm assuming this is where you got the "System Recovery Options...Windows found problems with your computer's startup options. Do you want to apply repairs and restart computer?" message.

Precisely :thumbsup:

This time select Repair and Restart.

I did, it did. When I looked at the parts fixed, there were no errors fixed? Nothing in any sector was fixed. No errors found?

The computer will reboot. Repeat Steps 1 and 2 to return to the System Recovery Options screen.

I did, I tried, System Recovery Options screen did not come up. :mellow: The same stupid error black screen "Windows found a problem with your computer's startup options" ... insert your disc and restart junk. :rolleyes: It's just not cooperating. :headscratch:
Any other ideas? Thank you for your time.
  • 0

#33
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK, let's use the big and bigger guns and see if they will tell us, fix anything.


Step-1.

Download Unhide.exe from here to the desktop.
  • Double click the Unhide.exe file to run it.
  • When unhide is complete, it will create a logfile on the Desktop named Unhide.txt.
Post it in your next reply.


Delete any old copies of TDSSKiller and ComboFix.


Step-2.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action on any suspicious objects. Click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Skip is selected, then click Continue => Reboot now.
    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-3.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Firewall and Anti-Virus


Step-4.

Things For Your Next Post:
1. The Unhide.txt log
2. The TDSSKiller log
3. The ComboFix.txt log
  • 0
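For reading the report requested in Step-2, the following is an added example (not part of the original posts and not part of TDSSKiller) that pulls every non-ok verdict out of a TDSSKiller log and pairs it with the MD5 and file path from the matching hash line. It assumes each line is laid out as `time thread-id message`, where a `[ MD5 ] name path` line is followed by a `name - verdict` line; the sample report, its object names and its hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed line layout: "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
# "[ <32 hex MD5> ] <object name> <drive:\path>"; object names may contain spaces
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<name> - ok" or "<name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(.+?)(?: \( ([^()]+?) \))? - (\w+)$")

# Constructed sample in the assumed layout (placeholder names and hashes).
SAMPLE_REPORT = r"""
04:25:10.0842 3636 Scan started
04:25:10.0843 3636 Mode: Manual; SigCheck; TDLFS;
04:25:10.0960 3636 System memory - ok
04:25:11.0156 3636 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
04:25:11.0301 3636 ExampleDrv - ok
04:25:11.0400 3636 NoImageSvc - ok
04:25:12.0066 3636 [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files\Example\svc.exe
04:25:12.0072 3636 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
04:25:12.0072 3636 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
04:25:13.0010 3636 [ 00000000000000000000000000000003 ] ExampleFilter C:\Windows\system32\drivers\examplefilter.sys
04:25:13.0020 3636 ExampleFilter ( UnsignedFile.Multi.Generic ) - warning
04:25:13.0020 3636 ExampleFilter - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]   # None when no hash line preceded the verdict
    path: Optional[str]


def parse_report(text):
    """Return (findings, scanned): all non-ok verdicts and the number of verdict lines."""
    images = {}   # object name -> (md5, path) taken from its hash line
    findings = []
    scanned = 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue          # blank line or a timestamp with no message
        msg = m.group(3)
        h = HASHED.match(msg)
        if h:
            images[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        v = VERDICT.match(msg)
        if not v:
            continue          # banners, "- detected ..." echoes, system info
        scanned += 1
        name, detection, verdict = v.group(1), v.group(2), v.group(3).lower()
        if verdict != "ok":
            md5, path = images.get(name, (None, None))
            findings.append(Finding(name, verdict, detection, md5, path))
    return findings, scanned


def triage(findings):
    """Order findings for review: kernel driver images (.sys) first, then by name."""
    def key(f):
        is_driver = bool(f.path) and f.path.lower().endswith(".sys")
        return (not is_driver, f.name.lower())
    return sorted(findings, key=key)


def by_detection(findings):
    """Group object names under the detection label the tool reported."""
    groups = {}
    for f in findings:
        groups.setdefault(f.detection or f.verdict, []).append(f.name)
    return groups


if __name__ == "__main__":
    found, total = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} of {total} scanned objects were not marked ok")
    for f in triage(found):
        print(f"{f.verdict:8} {f.detection or '-':28} {f.name}  {f.md5}  {f.path}")
```

Listing driver images first is a review-order choice made for this example, not something the tool does.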

#34
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs
Problem with unhide: the window that looks like a command prompt window says appdata doesn't exist! Unhide Terminated!
Then another window titled 'Unhide Error' says 'There was a problem retrieving a necessary environment variable. Unhide has terminated!' Ok to be clicked, and I clicked it...Shall I proceed? Just checkin'...
Aloha, Cindy
  • 0

#35
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yep. Continue with the TDSSKiller and ComboFix scans.
  • 0

#36
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Ok. Impatient me proceeded.

Unhide log:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 10/25/2012 04:04:18 AM
Windows Version: Windows Vista

Yup. That's it. Uncooperative computer, this is. Sorry :blush:

TdssKiller log:

04:25:26.0213 3636 MMCSS - ok
04:25:26.0234 3636 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
04:25:26.0276 3636 Modem - ok
04:25:26.0304 3636 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
04:25:26.0344 3636 monitor - ok
04:25:26.0370 3636 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
04:25:26.0384 3636 mouclass - ok
04:25:26.0420 3636 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
04:25:26.0460 3636 mouhid - ok
04:25:26.0490 3636 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
04:25:26.0504 3636 MountMgr - ok
04:25:26.0552 3636 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
04:25:26.0574 3636 MpFilter - ok
04:25:26.0596 3636 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
04:25:26.0612 3636 mpio - ok
04:25:26.0720 3636 [ A69630D039C38018689190234F866D77 ] MpKslfb818485 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52E47708-A179-4423-8F98-43DC1F034406}\MpKslfb818485.sys
04:25:26.0732 3636 MpKslfb818485 - ok
04:25:26.0773 3636 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
04:25:26.0796 3636 mpsdrv - ok
04:25:26.0845 3636 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
04:25:26.0910 3636 MpsSvc - ok
04:25:26.0965 3636 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
04:25:26.0978 3636 Mraid35x - ok
04:25:27.0024 3636 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
04:25:27.0062 3636 MRxDAV - ok
04:25:27.0104 3636 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
04:25:27.0157 3636 mrxsmb - ok
04:25:27.0212 3636 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:25:27.0240 3636 mrxsmb10 - ok
04:25:27.0271 3636 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:25:27.0301 3636 mrxsmb20 - ok
04:25:27.0354 3636 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
04:25:27.0368 3636 msahci - ok
04:25:27.0393 3636 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
04:25:27.0409 3636 msdsm - ok
04:25:27.0429 3636 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
04:25:27.0476 3636 MSDTC - ok
04:25:27.0517 3636 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
04:25:27.0562 3636 Msfs - ok
04:25:27.0594 3636 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
04:25:27.0609 3636 msisadrv - ok
04:25:27.0651 3636 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
04:25:27.0680 3636 MSiSCSI - ok
04:25:27.0690 3636 msiserver - ok
04:25:27.0736 3636 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
04:25:27.0778 3636 MSKSSRV - ok
04:25:27.0855 3636 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
04:25:27.0871 3636 MsMpSvc - ok
04:25:27.0891 3636 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
04:25:27.0932 3636 MSPCLOCK - ok
04:25:27.0967 3636 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
04:25:28.0014 3636 MSPQM - ok
04:25:28.0045 3636 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
04:25:28.0063 3636 MsRPC - ok
04:25:28.0110 3636 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
04:25:28.0123 3636 mssmbios - ok
04:25:28.0157 3636 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
04:25:28.0204 3636 MSTEE - ok
04:25:28.0242 3636 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
04:25:28.0257 3636 Mup - ok
04:25:28.0307 3636 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
04:25:28.0368 3636 napagent - ok
04:25:28.0430 3636 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
04:25:28.0462 3636 NativeWifiP - ok
04:25:28.0535 3636 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
04:25:28.0564 3636 NDIS - ok
04:25:28.0599 3636 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
04:25:28.0639 3636 NdisTapi - ok
04:25:28.0666 3636 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
04:25:28.0692 3636 Ndisuio - ok
04:25:28.0743 3636 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
04:25:28.0770 3636 NdisWan - ok
04:25:28.0791 3636 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
04:25:28.0813 3636 NDProxy - ok
04:25:28.0872 3636 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
04:25:28.0896 3636 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
04:25:28.0896 3636 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
04:25:28.0935 3636 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
04:25:28.0983 3636 NetBIOS - ok
04:25:29.0018 3636 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
04:25:29.0042 3636 netbt - ok
04:25:29.0056 3636 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
04:25:29.0073 3636 Netlogon - ok
04:25:29.0112 3636 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
04:25:29.0156 3636 Netman - ok
04:25:29.0182 3636 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
04:25:29.0217 3636 netprofm - ok
04:25:29.0255 3636 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:25:29.0274 3636 NetTcpPortSharing - ok
04:25:29.0313 3636 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
04:25:29.0326 3636 nfrd960 - ok
04:25:29.0378 3636 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:25:29.0396 3636 NisDrv - ok
04:25:29.0434 3636 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
04:25:29.0459 3636 NisSrv - ok
04:25:29.0504 3636 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
04:25:29.0533 3636 NlaSvc - ok
04:25:29.0600 3636 [ EB900C136E660A8DEB657BE134C3BCD9 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
04:25:29.0611 3636 nosGetPlusHelper - ok
04:25:29.0649 3636 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:25:29.0688 3636 Npfs - ok
04:25:29.0717 3636 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
04:25:29.0763 3636 nsi - ok
04:25:29.0783 3636 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:25:29.0821 3636 nsiproxy - ok
04:25:29.0888 3636 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:25:29.0938 3636 Ntfs - ok
04:25:29.0981 3636 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
04:25:30.0027 3636 ntrigdigi - ok
04:25:30.0063 3636 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
04:25:30.0089 3636 Null - ok
04:25:30.0112 3636 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:25:30.0130 3636 nvraid - ok
04:25:30.0156 3636 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:25:30.0171 3636 nvstor - ok
04:25:30.0183 3636 nv_agp - ok
04:25:30.0192 3636 NwlnkFlt - ok
04:25:30.0204 3636 NwlnkFwd - ok
04:25:30.0289 3636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:25:30.0313 3636 odserv - ok
04:25:30.0348 3636 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
04:25:30.0400 3636 ohci1394 - ok
04:25:30.0445 3636 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:25:30.0459 3636 ose - ok
04:25:30.0652 3636 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
04:25:30.0893 3636 osppsvc - ok
04:25:30.0968 3636 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
04:25:31.0096 3636 p2pimsvc - ok
04:25:31.0116 3636 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
04:25:31.0145 3636 p2psvc - ok
04:25:31.0204 3636 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
04:25:31.0250 3636 Parport - ok
04:25:31.0284 3636 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:25:31.0299 3636 partmgr - ok
04:25:31.0311 3636 Parvdm - ok
04:25:31.0341 3636 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
04:25:31.0419 3636 PcaSvc - ok
04:25:31.0445 3636 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
04:25:31.0463 3636 pci - ok
04:25:31.0485 3636 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
04:25:31.0500 3636 pciide - ok
04:25:31.0541 3636 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
04:25:31.0557 3636 pcmcia - ok
04:25:31.0596 3636 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:25:31.0666 3636 PEAUTH - ok
04:25:31.0774 3636 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
04:25:31.0875 3636 pla - ok
04:25:31.0916 3636 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:25:31.0943 3636 PlugPlay - ok
04:25:31.0962 3636 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
04:25:31.0968 3636 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
04:25:31.0969 3636 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
04:25:32.0002 3636 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
04:25:32.0052 3636 PNRPAutoReg - ok
04:25:32.0073 3636 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
04:25:32.0167 3636 PNRPsvc - ok
04:25:32.0247 3636 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:25:32.0290 3636 PolicyAgent - ok
04:25:32.0338 3636 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:25:32.0386 3636 PptpMiniport - ok
04:25:32.0410 3636 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
04:25:32.0437 3636 Processor - ok
04:25:32.0479 3636 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
04:25:32.0504 3636 ProfSvc - ok
04:25:32.0523 3636 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
04:25:32.0540 3636 ProtectedStorage - ok
04:25:32.0602 3636 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
04:25:32.0659 3636 PSched - ok
04:25:32.0736 3636 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
04:25:32.0748 3636 PxHelp20 - ok
04:25:32.0825 3636 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
04:25:32.0892 3636 ql2300 - ok
04:25:32.0932 3636 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
04:25:32.0947 3636 ql40xx - ok
04:25:32.0988 3636 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
04:25:33.0021 3636 QWAVE - ok
04:25:33.0049 3636 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:25:33.0077 3636 QWAVEdrv - ok
04:25:33.0104 3636 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:25:33.0131 3636 RasAcd - ok
04:25:33.0155 3636 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
04:25:33.0195 3636 RasAuto - ok
04:25:33.0239 3636 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:25:33.0268 3636 Rasl2tp - ok
04:25:33.0327 3636 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
04:25:33.0382 3636 RasMan - ok
04:25:33.0439 3636 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:25:33.0461 3636 RasPppoe - ok
04:25:33.0485 3636 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:25:33.0512 3636 RasSstp - ok
04:25:33.0554 3636 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:25:33.0579 3636 rdbss - ok
04:25:33.0608 3636 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:25:33.0654 3636 RDPCDD - ok
04:25:33.0692 3636 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
04:25:33.0723 3636 rdpdr - ok
04:25:33.0738 3636 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:25:33.0776 3636 RDPENCDD - ok
04:25:33.0825 3636 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:25:33.0889 3636 RDPWD - ok
04:25:33.0941 3636 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
04:25:33.0969 3636 RemoteAccess - ok
04:25:34.0006 3636 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:25:34.0029 3636 RemoteRegistry - ok
04:25:34.0066 3636 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
04:25:34.0112 3636 RpcLocator - ok
04:25:34.0149 3636 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
04:25:34.0180 3636 RpcSs - ok
04:25:34.0214 3636 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:25:34.0268 3636 rspndr - ok
04:25:34.0314 3636 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
04:25:34.0331 3636 RTL8169 - ok
04:25:34.0348 3636 [ 9FF7D9CF3A5F296613588B0E8DB83AFE ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
04:25:34.0392 3636 RTSTOR - ok
04:25:34.0423 3636 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
04:25:34.0438 3636 SamSs - ok
04:25:34.0462 3636 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:25:34.0477 3636 sbp2port - ok
04:25:34.0510 3636 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:25:34.0533 3636 SCardSvr - ok
04:25:34.0577 3636 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
04:25:34.0648 3636 Schedule - ok
04:25:34.0686 3636 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
04:25:34.0706 3636 SCPolicySvc - ok
04:25:34.0748 3636 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:25:34.0820 3636 SDRSVC - ok
04:25:34.0867 3636 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:25:34.0933 3636 secdrv - ok
04:25:34.0964 3636 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
04:25:35.0014 3636 seclogon - ok
04:25:35.0055 3636 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
04:25:35.0097 3636 SENS - ok
04:25:35.0109 3636 Serenum - ok
04:25:35.0119 3636 Serial - ok
04:25:35.0142 3636 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
04:25:35.0169 3636 sermouse - ok
04:25:35.0209 3636 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
04:25:35.0240 3636 SessionEnv - ok
04:25:35.0262 3636 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:25:35.0288 3636 sffdisk - ok
04:25:35.0299 3636 sffp_mmc - ok
04:25:35.0311 3636 sffp_sd - ok
04:25:35.0348 3636 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
04:25:35.0412 3636 sfloppy - ok
04:25:35.0459 3636 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:25:35.0510 3636 SharedAccess - ok
04:25:35.0556 3636 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:25:35.0620 3636 ShellHWDetection - ok
04:25:35.0632 3636 sisagp - ok
04:25:35.0682 3636 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
04:25:35.0696 3636 SiSRaid2 - ok
04:25:35.0723 3636 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
04:25:35.0738 3636 SiSRaid4 - ok
04:25:35.0789 3636 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
04:25:35.0803 3636 SkypeUpdate - ok
04:25:35.0926 3636 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
04:25:36.0097 3636 slsvc - ok
04:25:36.0142 3636 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
04:25:36.0186 3636 SLUINotify - ok
04:25:36.0234 3636 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:25:36.0269 3636 Smb - ok
04:25:36.0315 3636 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:25:36.0330 3636 SNMPTRAP - ok
04:25:36.0370 3636 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
04:25:36.0384 3636 spldr - ok
04:25:36.0430 3636 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
04:25:36.0482 3636 Spooler - ok
04:25:36.0538 3636 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
04:25:36.0581 3636 srv - ok
04:25:36.0621 3636 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:25:36.0673 3636 srv2 - ok
04:25:36.0717 3636 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:25:36.0749 3636 srvnet - ok
04:25:36.0794 3636 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:25:36.0823 3636 SSDPSRV - ok
04:25:36.0851 3636 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:25:36.0867 3636 SstpSvc - ok
04:25:36.0913 3636 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
04:25:36.0951 3636 StillCam - ok
04:25:37.0011 3636 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
04:25:37.0046 3636 stisvc - ok
04:25:37.0125 3636 [ 42FEF84684D217870F3C8813B6F58276 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
04:25:37.0171 3636 SupportSoft RemoteAssist - ok
04:25:37.0207 3636 [ 1FD8760CFCB68178F147EA97F0A8AC45 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
04:25:37.0240 3636 SWDUMon - ok
04:25:37.0259 3636 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
04:25:37.0272 3636 swenum - ok
04:25:37.0309 3636 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
04:25:37.0350 3636 swprv - ok
04:25:37.0391 3636 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
04:25:37.0403 3636 Symc8xx - ok
04:25:37.0425 3636 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
04:25:37.0438 3636 Sym_hi - ok
04:25:37.0455 3636 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
04:25:37.0469 3636 Sym_u3 - ok
04:25:37.0504 3636 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
04:25:37.0520 3636 SynTP - ok
04:25:37.0557 3636 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
04:25:37.0637 3636 SysMain - ok
04:25:37.0678 3636 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:25:37.0718 3636 TabletInputService - ok
04:25:37.0755 3636 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
04:25:37.0791 3636 TapiSrv - ok
04:25:37.0818 3636 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
04:25:37.0846 3636 TBS - ok
04:25:37.0903 3636 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:25:37.0949 3636 Tcpip - ok
04:25:37.0979 3636 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
04:25:38.0014 3636 Tcpip6 - ok
04:25:38.0057 3636 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:25:38.0102 3636 tcpipreg - ok
04:25:38.0149 3636 [ 6FDFBA25002CE4BAC463AC866AE71405 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
04:25:38.0163 3636 tdcmdpst - ok
04:25:38.0199 3636 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:25:38.0239 3636 TDPIPE - ok
04:25:38.0261 3636 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:25:38.0288 3636 TDTCP - ok
04:25:38.0321 3636 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:25:38.0396 3636 tdx - ok
04:25:38.0436 3636 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
04:25:38.0451 3636 TermDD - ok
04:25:38.0480 3636 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
04:25:38.0514 3636 TermService - ok
04:25:38.0545 3636 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
04:25:38.0563 3636 Themes - ok
04:25:38.0585 3636 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
04:25:38.0612 3636 THREADORDER - ok
04:25:38.0706 3636 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
04:25:38.0716 3636 TMachInfo - ok
04:25:38.0810 3636 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
04:25:38.0822 3636 TNaviSrv - ok
04:25:38.0884 3636 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
04:25:38.0897 3636 TODDSrv - ok
04:25:38.0959 3636 [ 44DBAC611B11646683B5B066A049B8E4 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
04:25:38.0982 3636 TosCoSrv - ok
04:25:39.0012 3636 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
04:25:39.0035 3636 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
04:25:39.0035 3636 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
04:25:39.0089 3636 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
04:25:39.0106 3636 tos_sps32 - ok
04:25:39.0151 3636 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
04:25:39.0195 3636 TrkWks - ok
04:25:39.0260 3636 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:25:39.0296 3636 TrustedInstaller - ok
04:25:39.0337 3636 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
04:25:39.0376 3636 tssecsrv - ok
04:25:39.0405 3636 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
04:25:39.0462 3636 tunmp - ok
04:25:39.0512 3636 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
04:25:39.0541 3636 tunnel - ok
04:25:39.0584 3636 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:25:39.0595 3636 TVALZ - ok
04:25:39.0605 3636 uagp35 - ok
04:25:39.0648 3636 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
04:25:39.0674 3636 udfs - ok
04:25:39.0721 3636 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
04:25:39.0750 3636 UI0Detect - ok
04:25:39.0858 3636 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
04:25:39.0865 3636 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
04:25:39.0865 3636 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
04:25:39.0875 3636 uliagpkx - ok
04:25:39.0927 3636 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
04:25:39.0947 3636 uliahci - ok
04:25:39.0973 3636 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
04:25:39.0987 3636 UlSata - ok
04:25:40.0028 3636 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
04:25:40.0045 3636 ulsata2 - ok
04:25:40.0094 3636 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
04:25:40.0163 3636 umbus - ok
04:25:40.0199 3636 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
04:25:40.0240 3636 upnphost - ok
04:25:40.0302 3636 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
04:25:40.0370 3636 USBAAPL - ok
04:25:40.0414 3636 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
04:25:40.0455 3636 usbaudio - ok
04:25:40.0503 3636 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
04:25:40.0545 3636 usbccgp - ok
04:25:40.0575 3636 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
04:25:40.0636 3636 usbcir - ok
04:25:40.0679 3636 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
04:25:40.0718 3636 usbehci - ok
04:25:40.0769 3636 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
04:25:40.0795 3636 usbhub - ok
04:25:40.0832 3636 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
04:25:40.0877 3636 usbohci - ok
04:25:40.0915 3636 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
04:25:40.0959 3636 usbprint - ok
04:25:40.0989 3636 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
04:25:41.0027 3636 usbscan - ok
04:25:41.0054 3636 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:25:41.0076 3636 USBSTOR - ok
04:25:41.0094 3636 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
04:25:41.0132 3636 usbuhci - ok
04:25:41.0186 3636 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
04:25:41.0236 3636 usbvideo - ok
04:25:41.0285 3636 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
04:25:41.0308 3636 UxSms - ok
04:25:41.0348 3636 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
04:25:41.0377 3636 vds - ok
04:25:41.0410 3636 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
04:25:41.0451 3636 vga - ok
04:25:41.0478 3636 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
04:25:41.0504 3636 VgaSave - ok
04:25:41.0517 3636 viaagp - ok
04:25:41.0558 3636 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
04:25:41.0585 3636 ViaC7 - ok
04:25:41.0609 3636 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
04:25:41.0623 3636 viaide - ok
04:25:41.0659 3636 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
04:25:41.0673 3636 volmgr - ok
04:25:41.0718 3636 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
04:25:41.0739 3636 volmgrx - ok
04:25:41.0778 3636 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
04:25:41.0797 3636 volsnap - ok
04:25:41.0819 3636 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
04:25:41.0835 3636 vsmraid - ok
04:25:41.0897 3636 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
04:25:44.0806 3636 ================ Scan global ===============================
04:25:44.0850 3636 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
04:25:44.0899 3636 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
04:25:44.0916 3636 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
04:25:44.0969 3636 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
04:25:44.0974 3636 [Global] - ok
04:25:44.0977 3636 ================ Scan MBR ==================================
04:25:44.0990 3636 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
04:25:46.0076 3636 \Device\Harddisk0\DR0 - ok
04:25:46.0080 3636 ================ Scan VBR ==================================
04:25:46.0117 3636 [ DDD4ED3E4179338815173D0292658390 ] \Device\Harddisk0\DR0\Partition1
04:25:46.0118 3636 \Device\Harddisk0\DR0\Partition1 - ok
04:25:46.0122 3636 ============================================================
04:25:46.0122 3636 Scan finished
04:25:46.0122 3636 ============================================================
04:25:46.0139 3648 Detected object count: 8
04:25:46.0139 3648 Actual detected object count: 8
04:26:41.0582 3648 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0582 3648 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0583 3648 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0583 3648 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0583 3648 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0583 3648 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0583 3648 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0583 3648 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0584 3648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0584 3648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0584 3648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0584 3648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0584 3648 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0584 3648 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:41.0585 3648 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:41.0585 3648 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:29:46.0792 5484 Deinitialize success



and Combofix

ComboFix 12-10-25.01 - Cindy 10/25/2012 4:47.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1021 [GMT -10:00]
Running from: c:\users\Cindy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB676F2C-C965-4A50-BC3B-9A8704695093}.xps
c:\users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB3F670F-558D-47C6-A65D-6AB00F750185}.xps
c:\users\Cindy\AppData\Roaming\mIRC\logs\status.log
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\ReadMe.txt
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 14:57 . 2012-10-25 14:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-25 14:57 . 2012-10-25 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 14:57 . 2012-10-25 14:57 -------- d-----w- c:\users\Cindy\AppData\Local\temp
2012-10-25 14:56 . 2008-01-21 02:23 83456 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-10-25 13:43 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52E47708-A179-4423-8F98-43DC1F034406}\mpengine.dll
2012-10-24 14:21 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-24 02:00 . 2012-10-24 02:00 -------- d-----w- C:\FRST
2012-10-22 00:23 . 2012-10-22 00:23 -------- d-----w- C:\_OTL
2012-10-19 23:56 . 2012-10-03 00:23 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7485D08-C2F0-4783-8918-30907CF28F0F}\gapaengine.dll
2012-10-10 03:30 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 03:30 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 03:30 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 03:30 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:30 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 03:30 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 03:30 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:16 . 2012-04-11 01:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 13:16 . 2011-05-20 14:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 00:23 . 2011-03-27 00:14 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 05:54 . 2010-04-05 13:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 08:03 . 2012-08-31 08:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 08:03 . 2010-10-25 07:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-25 11:50 . 2012-09-22 00:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 00:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 00:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 00:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 11:44 . 2012-09-22 00:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 10:11 . 2012-09-22 00:26 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 00:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 00:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 23:01 . 2012-09-14 02:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 23:01 . 2011-06-28 04:41 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-11 296056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-02-11 23:45 1295736 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:16]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 14:35]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 14:35]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-toscdspd - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-25 05:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
.
**************************************************************************
.
Completion time: 2012-10-25 05:09:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-25 15:09
.
Pre-Run: 62,678,024,192 bytes free
Post-Run: 62,844,776,448 bytes free
.
- - End Of File - - 23D2488C2D15C3A1E58555F75AA55019


And last but not least... I'm moving normally WITHOUT running as administrator .......Where's that bowing dude? :notworthy:
Thank You Sir! :cheers: I can move! Alriiiiiiiight!
Thank you. PLing will be much easier now. :thumbsup:
Lemme know what's next :D

#37
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I definitely want to see a new OTL scan:

1. Rerun OTL
2. Click the box beside Scan All Users
3. Click the Run Scan button
The OTL.txt will be open on the desktop. Copy and paste it into your next reply.

I will be back later.

#38
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs!
Well, it's running better :D But.....

OTL logfile created on: 10/25/2012 2:34:57 PM - Run 9
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 32.32% Memory free
3.98 Gb Paging File | 2.52 Gb Available in Paging File | 63.33% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 58.37 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 15:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/25 05:02:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/25 04:42:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/25 04:00:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2012/10/25 05:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/24 03:32:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/10/25 04:44:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/25 04:44:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/25 04:44:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- \Qoobox
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- \FRST
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- \_OTL
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/25 14:30:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 14:30:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 14:30:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 14:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 06:16:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 06:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 05:02:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/24 03:32:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 16:19:39 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/23 16:19:39 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/25 04:44:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/25 04:44:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/25 04:44:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/25 04:44:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/25 04:44:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >




Sorry....still uncooperative computer :blush:
Got a window that said Pev.exe stopped working during the CF run. I just left it be and let it all finish. CF enabled me to not have to 'run as administrator', so that's nice. Some things that may need mentioning: the kwdoqpob.sys file actually resides in my c: folder straight up. Bootsect.bak is also there. And there are quite a few (10) ntuser.dat files in my user file (the one that reappeared on my desktop). All have different dates. Not sure if that's relevant, but just in case.
I think that's all. Thank you for your time :) Have a great evening, lemme know what's next.
Cindy

#39
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yeah, you still may be looking at a factory restore.


Step-1.

Uninstall HitmanPro

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

HitmanPro

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\HitmanPro

2. Close Windows Explorer.


Step-2.

Run ERUNT and back the registry up.


Step-3.

See if you can get into the Recovery Environment now. Follow the instructions under Step 2 of post #19


Step-4.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:PROCESSES
killallprocesses

:COMMANDS
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

:REG
[-HKLM\System\MountedDevices]

:COMMANDS
[REBOOT]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Re-run RogueKiller

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

The RKreport.txt text file located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-6.

Re-run OTL

  • Run OTL and click the box beside Scan All Users
  • Click the RunScan button.
  • The OTL.txt file will open on the desktop. Post it in your next reply.


Step-7.

Things For Your Next Post:
1. Let me know if Repair Your Computer worked this time
2. The OTL fixes log
3. The RKreport.txt log
4. The new Otl.txt log

#40
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs
Not lookin' too good

1. No signs of hitmanpro...at all.

2. erunt ok


3. Repair a no go, as usual :(

4. Fix:

========== PROCESSES =========
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender not found.
File move failed. C:\Program Files\Windows Defender\MSASCui.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\MountedDevices\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.65.1 log created on 10252012_191247

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Windows Defender\MSASCui.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


5. Roguekiller

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Scan -- Date : 10/25/2012 19:32:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1246GSX +++++
--- User ---
[MBR] 333509ccec37e10f777d045a76424e11
[BSP] fa8e8eede9515186a1b2b92ae253de15 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112971 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

6. Otl


OTL logfile created on: 10/25/2012 7:36:06 PM - Run 10
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.30% Memory free
3.98 Gb Paging File | 2.96 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 58.04 Gb Free Space | 52.60% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/10/25 19:29:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37F2BD71-3A07-4B5A-883D-F8B4B073F7C4}\MpKslc3cc92c6.sys -- (MpKslc3cc92c6)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/25 05:02:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/25 19:32:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/25 04:00:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2012/10/25 05:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/24 03:32:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/10/25 04:44:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/25 04:44:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/25 04:44:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- \Qoobox
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- \FRST
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- \_OTL
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/25 19:17:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 19:15:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 19:15:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 19:15:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 19:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 05:02:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/24 03:32:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 16:19:39 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/23 16:19:39 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/25 04:44:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/25 04:44:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/25 04:44:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/25 04:44:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/25 04:44:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Crimeny. Ok. No Hit man pro anywhere. Not in uninstalls or program files or when searched. Caps or no, spaces or no. That's not good. I also have an OTL from 2 years ago... none of the questionable files are there. There's probably a trail in them tho, I would think, so I'm going to go back thru that 2 years and see what I find.
Thank you for your time. Any ideas?
  • 0


#41
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Fix a Corrupted User Profile

Create New User Accounts

  • Log in to Windows with your administrator account or as a user who has been given administrator privileges.
  • Click the Windows logo button. Click Control Panel.
  • Click User Accounts and Family Safety, then under the User Accounts heading click Add or remove user accounts and click Continue on the UAC warning. The Manage Accounts page will open.
  • Click Create a new account.
  • Type Test as the name for the new user account. Select the account type--"Administrator". Click Create Account
  • Repeat the steps above to create another user account. This will be your new user account so give it a name you want to keep.


Transfer Corrupted User's Files

  • Log in to Windows with the Test user account.
  • Click the Start Orb. Click Computer
  • On the Computer page click Tools at the top of the page and click Folder Options.
  • On the Folder Options page click the View tab.
  • In the Advanced Settings box under Files and Folders click the button beside Show Hidden Files and Folders and clear the Hide protected operating system files (Recommended) check box. Click Yes in the confirmation message and then click OK.
  • Back on the Computer window, double-click the primary drive of your computer (usually the "C:" drive).
  • Double-click Users folder.
  • Double-click the corrupted Windows user's folder (this should be the C:\Users\Cindy folder) to show its contents in the right side of the window.
    • NOTE: If you get a warning that you don't have permissions to access that page, click Continue and you will be given access.
  • Click the first file or folder listed at the top of the list in the corrupted user's folder. Press and hold the Shift keyboard key. Scroll to the bottom of the corrupted user's folder. Click the last file or folder in the list to simultaneously select it and all the rest of the files. Release the Shift key.
  • Press and hold the Ctrl keyboard key. Click on the Ntuser.dat, Ntuser.ini and Ntuser.dat.log files to deselect them.
    • NOTE: There may be more than one Ntuser.dat.log file. Deselect them all.
  • Release the Ctrl button. Right-click on a selected and highlighted file and click Copy. This will copy all of the files.
  • At the top of the Computer window, click the back arrow. Right-click the new user's name.
    • NOTE: If you get a warning that you don't have permissions to access that page, click Continue and you will be given access.
  • Click on Paste.
    • NOTE: When you get the warning asking if you want to overwrite the file or folder, check the box to allow all files/folders to be overwritten.
  • Log off of the Windows Test account.
  • Log onto Windows using the new user account you just created.
  • Open the Control Panel and under User Accounts and Family Safety click Add or remove user accounts.
  • Click the Test account and click Delete the account from the list on the left.
After we have completed our cleanup, and you have confirmed that everything works OK in the new user account you can go back to the Control Panel and delete the old Cindy account.

Step-2.

Run a new OTL scan with the Scan All Users box checked and let's see if this got the O4 StartUp entries.
Post the new OTL.txt log
  • 1
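The before/after check requested in Step-2, as an added example that is not part of the original post or of OTL itself: it parses `O4 - Startup:` lines from two OTL logs and reports which entries pointing outside a Startup folder were cleared and which remain. The first sample is an excerpt of the log earlier in this thread; the second is constructed, and the `\Start Menu\Programs\Startup` path test and the `Example.lnk` entry are assumptions.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Assumption: a real Startup folder path contains "\Start Menu\Programs\Startup".
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup(?:\\|$)", re.IGNORECASE)

# "O4 - Startup: <path> [date | size | attrs | M]"  or  "O4 - Startup: <path> ()"
O4_STARTUP = re.compile(
    r"^O4 - Startup:\s+(?P<path>.+?)"
    r"(?:\s+\[[\d/ :]+\s\|\s[\d,]+\s\|\s(?P<attrs>[-RHSD]{4})\s\|\s[MC]\])?"
    r"(?:\s+\(\))?\s*$"
)
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)")


class StartupEntry(NamedTuple):
    path: str
    attrs: Optional[str]  # e.g. "-HSD"; None when the log prints "()"

    @property
    def is_dir(self) -> bool:
        return bool(self.attrs) and self.attrs.endswith("D")


def parse_o4_startup(line: str) -> Optional[StartupEntry]:
    """Return the entry for an 'O4 - Startup:' line, or None for any other line."""
    m = O4_STARTUP.match(line.strip())
    if not m:
        return None
    # Shortcut entries are printed as "<lnk path> = <target> (company)".
    path = m.group("path").split(" = ")[0].strip()
    return StartupEntry(path, m.group("attrs"))


def misplaced_startup_entries(log_text: str) -> list:
    """O4 - Startup entries whose path is not inside a Startup folder."""
    entries = (parse_o4_startup(l) for l in log_text.splitlines())
    return [e for e in entries if e and not STARTUP_DIR.search(e.path)]


def affected_profiles(log_text: str) -> Counter:
    """Count misplaced entries per C:\\Users\\<profile>."""
    counts = Counter()
    for e in misplaced_startup_entries(log_text):
        m = PROFILE.match(e.path)
        counts[m.group(1) if m else "(outside Users)"] += 1
    return counts


def compare_scans(before: str, after: str):
    """Return (cleared, remaining) misplaced paths between two scans."""
    old = {e.path for e in misplaced_startup_entries(before)}
    new = {e.path for e in misplaced_startup_entries(after)}
    return sorted(old - new), sorted(old & new)


# Excerpt of the earlier log in this thread.
BEFORE = r"""
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2012/10/19 18:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Constructed follow-up scan (not from the thread): one entry left, one normal shortcut.
AFTER = r"""
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk = C:\Program Files\Example\example.exe (Example Vendor)
"""

if __name__ == "__main__":
    cleared, remaining = compare_scans(BEFORE, AFTER)
    print("profiles affected before:", dict(affected_profiles(BEFORE)))
    print("cleared:", cleared)
    print("still listed:", remaining)
```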

#42
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs
Good news...I think:

OTL logfile created on: 10/27/2012 5:31:32 PM - Run 11
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cinjo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.59% Memory free
3.98 Gb Paging File | 2.84 Gb Available in Paging File | 71.32% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 47.67 Gb Free Space | 43.21% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cinjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:43:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:38:31 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:38:21 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 17:17:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 17:10:01 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 16:54:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 16:54:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/13 20:38:15 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/25 05:02:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/27 17:06:49 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012/10/27 17:06:49 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/10/27 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\Ulead DVD MovieFactory
[2012/10/27 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\OneNote Notebooks
[2012/10/27 16:52:24 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop\Weekly Cleanup
[2012/10/27 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\V Stuff
[2012/10/27 16:52:23 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\UCPL5
[2012/10/27 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Tools and information
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\SparksSpotts Family
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Sparkes Info
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\RK_Quarantine
[2012/10/27 16:46:15 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\R & T
[2012/10/27 16:46:13 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\pics
[2012/10/27 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\my scan results
[2012/10/27 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\laptop help godawgs )
[2012/10/27 16:46:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\laptop help
[2012/10/27 16:46:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Jones family
[2012/10/27 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Joe
[2012/10/27 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\GTG
[2012/10/27 16:44:29 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop\desktop keep info
[2012/10/27 16:44:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Daniel's Music
[2012/10/27 16:44:17 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Cinjo\Desktop\unhide.exe
[2012/10/27 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Daniel
[2012/10/27 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Best for Search
[2012/10/27 16:44:14 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cinjo\Desktop\tdsskiller.exe
[2012/10/27 16:44:14 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTS.scr
[2012/10/27 16:44:12 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTL.exe
[2012/10/27 16:44:12 | 000,219,648 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTA.exe
[2012/10/27 16:44:11 | 004,988,915 | R--- | C] (Swearware) -- C:\Users\Cinjo\Desktop\ComboFix.exe
[2012/10/27 16:44:11 | 000,694,323 | ---- | C] (Farbar) -- C:\Users\Cinjo\Desktop\FSS.exe
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Yahoo!
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\WinBatch
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Ventrilo
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Ulead Systems
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\.minecraft
[2012/10/27 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\TOSHIBA
[2012/10/27 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Symantec
[2012/10/27 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Skype
[2012/10/27 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Samsung
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\PeerNetworking
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\PDF reDirect
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Octoshape
[2012/10/27 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\mIRC
[2012/10/27 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Malwarebytes
[2012/10/27 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\InstallShield
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\HpUpdate
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\HP
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Google
[2012/10/27 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Adobe
[2012/10/27 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\298C9C7DADAA7E8E26A337A4FE989565
[2012/10/27 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\My Google Gadgets
[2012/10/27 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Toshiba
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Real
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Google
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Apple Computer
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Searches
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/27 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Identities
[2012/10/27 16:17:08 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Contacts
[2012/10/27 16:16:34 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\VirtualStore
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\Temporary Internet Files
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Templates
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Start Menu
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\SendTo
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Recent
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\PrintHood
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\NetHood
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Videos
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Pictures
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Music
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\My Documents
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Local Settings
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\History
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Cookies
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Application Data
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\Application Data
[2012/10/27 16:15:54 | 000,000,000 | --SD | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Videos
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Saved Games
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Pictures
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Music
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Links
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Favorites
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Downloads
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Documents
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\temp
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Mozilla
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Microsoft Help
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Microsoft
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Media Center Programs
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Macromedia
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData
[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/25 04:44:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/25 04:44:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/25 04:44:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/27 17:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/27 17:10:41 | 000,000,914 | ---- | M] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 17:10:08 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/27 17:06:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/27 16:05:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 16:05:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 16:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 19:31:28 | 001,580,544 | ---- | M] () -- C:\Users\Cinjo\Desktop\RogueKiller.exe
[2012/10/25 06:03:14 | 000,000,190 | ---- | M] () -- C:\Users\Cinjo\Desktop\Geeks to Go! – Tech experts answer your questions.url
[2012/10/25 05:02:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/25 04:42:16 | 004,988,915 | R--- | M] (Swearware) -- C:\Users\Cinjo\Desktop\ComboFix.exe
[2012/10/25 03:59:21 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cinjo\Desktop\tdsskiller.exe
[2012/10/25 03:58:33 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Cinjo\Desktop\unhide.exe
[2012/10/24 03:32:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 16:19:39 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/23 16:19:39 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/21 05:55:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cinjo\Desktop\VEW.exe
[2012/10/21 04:36:54 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTS.scr
[2012/10/20 03:07:53 | 000,694,323 | ---- | M] (Farbar) -- C:\Users\Cinjo\Desktop\FSS.exe
[2012/10/19 19:22:33 | 000,001,570 | ---- | M] () -- C:\Users\Cinjo\Desktop\remove.reg
[2012/10/19 18:54:44 | 000,000,685 | ---- | M] () -- C:\Users\Cinjo\Desktop\ERUNT.lnk
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/14 15:22:31 | 000,049,799 | ---- | M] () -- C:\Users\Cinjo\Documents\taryn's resume (skilled based).rtf
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/27 17:06:49 | 000,001,082 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/10/27 17:06:04 | 000,001,865 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/10/27 17:06:04 | 000,001,691 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/10/27 17:06:04 | 000,000,949 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/27 17:06:04 | 000,000,914 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 17:06:04 | 000,000,901 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/27 17:06:04 | 000,000,783 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/10/27 17:06:04 | 000,000,430 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dan's Pages - Shortcut.lnk
[2012/10/27 16:52:28 | 000,392,271 | ---- | C] () -- C:\Users\Cinjo\Documents\roasterbook.pdf
[2012/10/27 16:52:28 | 000,111,552 | ---- | C] () -- C:\Users\Cinjo\Documents\thank you card.gif
[2012/10/27 16:52:28 | 000,049,799 | ---- | C] () -- C:\Users\Cinjo\Documents\taryn's resume (skilled based).rtf
[2012/10/27 16:52:28 | 000,046,238 | ---- | C] () -- C:\Users\Cinjo\Documents\bookmark.htm
[2012/10/27 16:52:28 | 000,024,646 | ---- | C] () -- C:\Users\Cinjo\Documents\HDTune_Benchmark_TOSHIBA_MK1246GSX.png
[2012/10/27 16:52:28 | 000,000,478 | ---- | C] () -- C:\Users\Cinjo\Documents\joe resume.rtf
[2012/10/27 16:44:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cinjo\Desktop\VEW.exe
[2012/10/27 16:44:17 | 000,000,166 | ---- | C] () -- C:\Users\Cinjo\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
[2012/10/27 16:44:17 | 000,000,133 | ---- | C] () -- C:\Users\Cinjo\Desktop\Ukulele Resource Page - Learn to play ukulele!.url
[2012/10/27 16:44:14 | 001,580,544 | ---- | C] () -- C:\Users\Cinjo\Desktop\RogueKiller.exe
[2012/10/27 16:44:14 | 000,484,445 | ---- | C] () -- C:\Users\Cinjo\Desktop\Silent Runners.vbs
[2012/10/27 16:44:14 | 000,001,570 | ---- | C] () -- C:\Users\Cinjo\Desktop\remove.reg
[2012/10/27 16:44:12 | 000,067,284 | ---- | C] () -- C:\Users\Cinjo\Desktop\ListenToYouTube.mht
[2012/10/27 16:44:12 | 000,000,954 | ---- | C] () -- C:\Users\Cinjo\Desktop\Launch Internet Explorer Browser.lnk
[2012/10/27 16:44:12 | 000,000,612 | ---- | C] () -- C:\Users\Cinjo\Desktop\jodysphonenumbers - Shortcut.lnk
[2012/10/27 16:44:12 | 000,000,126 | ---- | C] () -- C:\Users\Cinjo\Desktop\moms flower store.url
[2012/10/27 16:44:11 | 000,066,503 | ---- | C] () -- C:\Users\Cinjo\Desktop\Dads page.htm
[2012/10/27 16:44:11 | 000,000,766 | ---- | C] () -- C:\Users\Cinjo\Desktop\Blueline - Shortcut.lnk
[2012/10/27 16:44:11 | 000,000,685 | ---- | C] () -- C:\Users\Cinjo\Desktop\ERUNT.lnk
[2012/10/27 16:44:11 | 000,000,320 | ---- | C] () -- C:\Users\Cinjo\Desktop\Danny Sparks BorthwickObit Honolulu HI.url
[2012/10/27 16:44:11 | 000,000,190 | ---- | C] () -- C:\Users\Cinjo\Desktop\Geeks to Go! – Tech experts answer your questions.url
[2012/10/27 16:44:10 | 000,889,856 | ---- | C] () -- C:\Users\Cinjo\Desktop\ANOTB.exe
[2012/10/27 16:40:18 | 000,024,085 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\UserTile.png
[2012/10/27 16:17:21 | 000,000,920 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/27 16:17:17 | 000,000,915 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/27 16:17:08 | 000,000,886 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/10/27 16:15:54 | 000,000,258 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/27 16:15:54 | 000,000,240 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/25 04:44:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/25 04:44:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/25 04:44:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/25 04:44:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/25 04:44:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cinjo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



I noticed looking back thru my last couple years (:lol:) of OTL logs that the locale information disappeared between otl run 2 and 3 in 2010. That's back for the first time. I noticed many other things over the time as well. Interesting.
Also, when I was lookin' 'round I went into administrative tools and checked out the Scheduled Tasks section. First thing a warning pops up "The task image is corrupt or has been tampered with.mcupdate"
That happens with any user. Default scopes were not in the log back then either.
Also the Ntuser.dat.log files followed? When I was copying and pasting they were listed even tho unselected, even tho not chosen. They were there (or rather here?) during the transfer. I restarted the whole process 3 times just to make sure. Same way, every time. When I reveal them now, they all have today's date so they're all fresh? As for the transfer of files itself, I did as you said. Some files would not transfer by choices given, most were merged by choices given.
And I had mentioned before about another account. ASP.net. Kill or keep? Seems useless at this point. So there's that one, guest which is undeletable, Cindy and the new one.
So far so good on this side. Thank you! Nifty trick :) I have not deleted the other acct. yet. Test is deleted. Awesome. Let me know how you would like me to proceed.
Mahalo :D

#43
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

Yep, something corrupted your user profile.

I just noticed something. You have been going back and forth using OTL versions 3.2.65.1 for runs 3 (which was the first one you posted), 4 (run on 10/16), 5 (run on 10/19), 6 (run on 10/19), 7 (run on 10/21), 8 (run on 10/22), 9 (run on 10/25), 10 (run on 10/25), 11 (run on 10/27)

and version 3.2.69.0 for runs 5 (run on 10/13) and another run 7 (run on 10/14).

This is from my first post (post#2) back on 10/13:

here is the otl log I got. Fortunately I had a newer version on my desktop,


Unfortunately it isn't the most recent version. Please delete the OTL.exe file and the OTL.txt file and Extras.txt file from the desktop. Delete the C:\_OTL folder. Then I want you to download the latest version and get some new scans.

Why is version 3.2.65.1 still on your desktop and why are you still using it? Please Delete version 3.2.65.1 from the desktop!!! And use version 3.2.69.0
DO NOT delete the C:\_OTL folder.

Also, when I was lookin' 'round I went into administrative tools and checked out the Scheduled Tasks section. First thing a warning pops up "The task image is corrupt or has been tampered with.mcupdate"

That is a task to update the McAfee antivirus. It must have been installed at some time. You can delete the task from task scheduler.

Also the Ntuser.dat.log files followed? When I was copying and pasting they were listed even tho unselected, even tho not chosen. They were there (or rather here?) during the transfer.

The new user profile creates new Ntuser.dat.logs.

And I had mentioned before about another account. ASP.net. Kill or keep? Seems useless at this point. So there's that one, guest which is undeletable, Cindy and the new one.

Can't imagine why there would be a user account named ASP.net. You, or something, created it.
Here is a link to a Google page on asp.net linky
If you don't recognize it and didn't create it let me know and we will delete it as part of the cleanup process.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Malwarebytes' Anti-Malware


  • Open MalwareBytes. To do that:
    • Right click on the MalwareBytes icon on the desktop and click Run as Administrator.
  • You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and allow the program to update if needed.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

I want to get one final OTL scan including the Extras.txt log.

OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the box beside Scan All Users.
  • Do Not click the box beside Include 64bit Scans.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist.<---Important
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.


Step-4.

Things For Your Next Post:
1. The OTL fixes log
2. The MalwareBytes log
3. The Checkup.txt log
4. The new OTL.txt log
5. The Extras.txt log
6. How is the computer running?

#44
23red


    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Godawgs :D


This is also from the OTL log:

Error - 10/13/2012 11:51:30 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
It appears that something happened on the 13th that caused a problem loading a registry file.



That error goes back as far as my log goes. Apparently it's a regular thing....or was. Haven't checked in the error log in the last few days.


Why is version 3.2.65.1 still on your desktop and why are you still using it? Please Delete version 3.2.65.1 from the desktop!!! And use version 3.2.69.0.



Uh huh. Yes, I did as instructed. The first time you asked.


DO NOT delete the C:\_OTL folder.

I did not, I just deleted the OTL copy as instructed.

I think System restore in post 13 made earlier OTL. I did nothing. I didn't realize it either until you just said, but that's my excuse, and I'm stickin' to it. Interesting it still says Run 4 Hmmm....


That is a task to update the McAfee antivirus. It must have been installed at some time. You can delete the task from task scheduler.


I've never added or deleted anything there purposefully, I'll figure it out and do it. It can't be that difficult :D

Can't imagine why there would be a user account named ASP.net. You, or something, created it.
Here is a link to a Google page on asp.net: linky
If you don't recognize it and didn't create it let me know and we will delete it as part of the cleanup process.


:lol: It's always been there. I thought it was supposed to be there. It can go. You can or I will :D



OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1007\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
========== FILES ==========
< ipcongig /flushdns /c >
C:\Users\Cinjo\Desktop\cmd.bat deleted successfully.
C:\Users\Cinjo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cindy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 609349334 bytes
->Java cache emptied: 6182946 bytes
->Google Chrome cache emptied: 9796623 bytes
->Flash cache emptied: 173841 bytes

User: Cinjo
->Temp folder emptied: 591819 bytes
->Temporary Internet Files folder emptied: 50133389 bytes
->Java cache emptied: 6182946 bytes
->Flash cache emptied: 174286 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30027273 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58413 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Test

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3574536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 600576 bytes

Total Files Cleaned = 684.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10282012_152308

Files\Folders moved on Reboot...
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF7388.tmp not found!
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF738F.tmp not found!
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF73EC.tmp not found!
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF73F2.tmp not found!
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF7419.tmp not found!
File\Folder C:\Users\Cinjo\AppData\Local\Temp\~DF741F.tmp not found!
C:\Users\Cinjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWAKTW8I\page__pid__2221652__st__30[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




MWB


2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 02:05:49 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 04:49:15 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 04:56:14 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 04:56:14 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 11:48:56 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 11:50:20 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 13:48:26 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 13:48:27 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 13:48:56 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 15:04:56 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 15:04:57 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 15:06:23 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 15:45:37 -1000 CINDY-PC Cinjo MESSAGE Starting database refresh
2012/10/28 15:45:58 -1000 CINDY-PC Cinjo MESSAGE Database refreshed successfully



Security Check
:blush:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 7
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


OTL:

OTL logfile created on: 10/28/2012 7:18:08 PM - Run 12
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cinjo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 47.73% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 47.28 Gb Free Space | 42.86% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cinjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 15:19:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:43:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:38:31 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:38:21 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 17:17:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 17:10:01 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 16:54:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 16:54:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/13 20:38:15 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/25 05:02:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1007\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 15:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTL.exe
[2012/10/28 02:10:39 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Adobe
[2012/10/27 17:06:49 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012/10/27 17:06:49 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/10/27 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\Ulead DVD MovieFactory
[2012/10/27 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\OneNote Notebooks
[2012/10/27 16:52:24 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop\Weekly Cleanup
[2012/10/27 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\V Stuff
[2012/10/27 16:52:23 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\UCPL5
[2012/10/27 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Tools and information
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\SparksSpotts Family
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Sparkes Info
[2012/10/27 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\RK_Quarantine
[2012/10/27 16:46:15 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\R & T
[2012/10/27 16:46:13 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\pics
[2012/10/27 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\my scan results
[2012/10/27 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\laptop help godawgs )
[2012/10/27 16:46:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\laptop help
[2012/10/27 16:46:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Jones family
[2012/10/27 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Joe
[2012/10/27 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\GTG
[2012/10/27 16:44:29 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop\desktop keep info
[2012/10/27 16:44:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Daniel's Music
[2012/10/27 16:44:17 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Cinjo\Desktop\unhide.exe
[2012/10/27 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Daniel
[2012/10/27 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Desktop\Best for Search
[2012/10/27 16:44:14 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cinjo\Desktop\tdsskiller.exe
[2012/10/27 16:44:14 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTS.scr
[2012/10/27 16:44:12 | 000,219,648 | ---- | C] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTA.exe
[2012/10/27 16:44:11 | 004,988,915 | R--- | C] (Swearware) -- C:\Users\Cinjo\Desktop\ComboFix.exe
[2012/10/27 16:44:11 | 000,694,323 | ---- | C] (Farbar) -- C:\Users\Cinjo\Desktop\FSS.exe
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Yahoo!
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\WinBatch
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Ventrilo
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Ulead Systems
[2012/10/27 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\.minecraft
[2012/10/27 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\TOSHIBA
[2012/10/27 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Symantec
[2012/10/27 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Skype
[2012/10/27 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Samsung
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\PeerNetworking
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\PDF reDirect
[2012/10/27 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Octoshape
[2012/10/27 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\mIRC
[2012/10/27 16:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Malwarebytes
[2012/10/27 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\InstallShield
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\HpUpdate
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\HP
[2012/10/27 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Google
[2012/10/27 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Adobe
[2012/10/27 16:40:18 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\298C9C7DADAA7E8E26A337A4FE989565
[2012/10/27 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\Documents\My Google Gadgets
[2012/10/27 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Toshiba
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Real
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Google
[2012/10/27 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Apple Computer
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Searches
[2012/10/27 16:17:18 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/27 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Identities
[2012/10/27 16:17:08 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Contacts
[2012/10/27 16:16:34 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\VirtualStore
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\Temporary Internet Files
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Templates
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Start Menu
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\SendTo
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Recent
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\PrintHood
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\NetHood
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Videos
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Pictures
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Documents\My Music
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\My Documents
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Local Settings
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\History
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Cookies
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\Application Data
[2012/10/27 16:15:56 | 000,000,000 | -HSD | C] -- C:\Users\Cinjo\AppData\Local\Application Data
[2012/10/27 16:15:54 | 000,000,000 | --SD | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Videos
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Saved Games
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Pictures
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Music
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Links
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Favorites
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Downloads
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Documents
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\Desktop
[2012/10/27 16:15:54 | 000,000,000 | R--D | C] -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\temp
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Mozilla
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Microsoft Help
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Local\Microsoft
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Media Center Programs
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData\Roaming\Macromedia
[2012/10/27 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Cinjo\AppData
[2012/10/25 05:02:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/25 04:44:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/25 04:44:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/25 04:44:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/25 04:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/23 16:00:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/21 14:23:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/10/28 19:17:50 | 000,000,224 | ---- | M] () -- C:\Users\Cinjo\Desktop\Geeks to Go! – Tech experts answer your questions.url
[2012/10/28 19:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 19:09:54 | 000,881,854 | ---- | M] () -- C:\Users\Cinjo\Desktop\SecurityCheck.exe
[2012/10/28 19:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 17:37:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 17:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 17:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 17:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/28 15:19:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTL.exe
[2012/10/28 14:40:11 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/28 14:40:11 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/28 14:35:48 | 000,025,894 | ---- | M] () -- C:\Users\Cinjo\Desktop\taryn's resume 10.29.2012.pdf
[2012/10/28 14:23:09 | 000,006,144 | ---- | M] () -- C:\Users\Cinjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/28 03:15:31 | 000,000,320 | ---- | M] () -- C:\Users\Cinjo\Desktop\Danny Sparks BorthwickObit Honolulu HI.url
[2012/10/27 17:10:41 | 000,000,914 | ---- | M] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/25 19:31:28 | 001,580,544 | ---- | M] () -- C:\Users\Cinjo\Desktop\RogueKiller.exe
[2012/10/25 05:02:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/25 04:42:16 | 004,988,915 | R--- | M] (Swearware) -- C:\Users\Cinjo\Desktop\ComboFix.exe
[2012/10/25 03:59:21 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cinjo\Desktop\tdsskiller.exe
[2012/10/25 03:58:33 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Cinjo\Desktop\unhide.exe
[2012/10/24 03:32:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 05:55:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cinjo\Desktop\VEW.exe
[2012/10/21 04:36:54 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Cinjo\Desktop\OTS.scr
[2012/10/20 03:07:53 | 000,694,323 | ---- | M] (Farbar) -- C:\Users\Cinjo\Desktop\FSS.exe
[2012/10/19 19:22:33 | 000,001,570 | ---- | M] () -- C:\Users\Cinjo\Desktop\remove.reg
[2012/10/19 18:54:44 | 000,000,685 | ---- | M] () -- C:\Users\Cinjo\Desktop\ERUNT.lnk
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/14 15:22:31 | 000,049,799 | ---- | M] () -- C:\Users\Cinjo\Documents\taryn's resume (skilled based).rtf
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/28 19:09:46 | 000,881,854 | ---- | C] () -- C:\Users\Cinjo\Desktop\SecurityCheck.exe
[2012/10/28 14:39:14 | 000,025,894 | ---- | C] () -- C:\Users\Cinjo\Desktop\taryn's resume 10.29.2012.pdf
[2012/10/28 14:22:48 | 000,006,144 | ---- | C] () -- C:\Users\Cinjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/27 17:06:49 | 000,001,082 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/10/27 17:06:04 | 000,001,865 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/10/27 17:06:04 | 000,001,691 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/10/27 17:06:04 | 000,000,949 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/27 17:06:04 | 000,000,914 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 17:06:04 | 000,000,901 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/27 17:06:04 | 000,000,783 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/10/27 17:06:04 | 000,000,430 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dan's Pages - Shortcut.lnk
[2012/10/27 16:52:28 | 000,392,271 | ---- | C] () -- C:\Users\Cinjo\Documents\roasterbook.pdf
[2012/10/27 16:52:28 | 000,111,552 | ---- | C] () -- C:\Users\Cinjo\Documents\thank you card.gif
[2012/10/27 16:52:28 | 000,049,799 | ---- | C] () -- C:\Users\Cinjo\Documents\taryn's resume (skilled based).rtf
[2012/10/27 16:52:28 | 000,046,238 | ---- | C] () -- C:\Users\Cinjo\Documents\bookmark.htm
[2012/10/27 16:52:28 | 000,024,646 | ---- | C] () -- C:\Users\Cinjo\Documents\HDTune_Benchmark_TOSHIBA_MK1246GSX.png
[2012/10/27 16:52:28 | 000,000,478 | ---- | C] () -- C:\Users\Cinjo\Documents\joe resume.rtf
[2012/10/27 16:44:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cinjo\Desktop\VEW.exe
[2012/10/27 16:44:17 | 000,000,166 | ---- | C] () -- C:\Users\Cinjo\Desktop\VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!.url
[2012/10/27 16:44:17 | 000,000,133 | ---- | C] () -- C:\Users\Cinjo\Desktop\Ukulele Resource Page - Learn to play ukulele!.url
[2012/10/27 16:44:14 | 001,580,544 | ---- | C] () -- C:\Users\Cinjo\Desktop\RogueKiller.exe
[2012/10/27 16:44:14 | 000,484,445 | ---- | C] () -- C:\Users\Cinjo\Desktop\Silent Runners.vbs
[2012/10/27 16:44:14 | 000,001,570 | ---- | C] () -- C:\Users\Cinjo\Desktop\remove.reg
[2012/10/27 16:44:12 | 000,067,284 | ---- | C] () -- C:\Users\Cinjo\Desktop\ListenToYouTube.mht
[2012/10/27 16:44:12 | 000,000,954 | ---- | C] () -- C:\Users\Cinjo\Desktop\Launch Internet Explorer Browser.lnk
[2012/10/27 16:44:12 | 000,000,612 | ---- | C] () -- C:\Users\Cinjo\Desktop\jodysphonenumbers - Shortcut.lnk
[2012/10/27 16:44:12 | 000,000,126 | ---- | C] () -- C:\Users\Cinjo\Desktop\moms flower store.url
[2012/10/27 16:44:11 | 000,066,503 | ---- | C] () -- C:\Users\Cinjo\Desktop\Dads page.htm
[2012/10/27 16:44:11 | 000,000,766 | ---- | C] () -- C:\Users\Cinjo\Desktop\Blueline - Shortcut.lnk
[2012/10/27 16:44:11 | 000,000,685 | ---- | C] () -- C:\Users\Cinjo\Desktop\ERUNT.lnk
[2012/10/27 16:44:11 | 000,000,320 | ---- | C] () -- C:\Users\Cinjo\Desktop\Danny Sparks BorthwickObit Honolulu HI.url
[2012/10/27 16:44:11 | 000,000,224 | ---- | C] () -- C:\Users\Cinjo\Desktop\Geeks to Go! – Tech experts answer your questions.url
[2012/10/27 16:44:11 | 000,000,152 | ---- | C] () -- C:\Users\Cinjo\Desktop\December 21 2012 • View topic - March 11, 2011 a Massive Earthquake - your thoughts.url
[2012/10/27 16:44:10 | 000,889,856 | ---- | C] () -- C:\Users\Cinjo\Desktop\ANOTB.exe
[2012/10/27 16:40:18 | 000,024,085 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\UserTile.png
[2012/10/27 16:17:21 | 000,000,920 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/27 16:17:17 | 000,000,915 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/27 16:17:08 | 000,000,886 | ---- | C] () -- C:\Users\Cinjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/10/27 16:15:54 | 000,000,258 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/27 16:15:54 | 000,000,240 | ---- | C] () -- C:\Users\Cinjo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/25 04:44:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/25 04:44:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/25 04:44:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/25 04:44:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/25 04:44:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== ZeroAccess Check ==========

[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 07:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 20:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 20:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\298C9C7DADAA7E8E26A337A4FE989565
[2012/05/11 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Octoshape
[2012/09/21 15:08:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\PDF reDirect
[2010/08/10 05:05:16 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\PeerNetworking
[2011/11/29 08:22:45 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Samsung
[2012/01/26 05:14:19 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TOSHIBA
[2010/09/22 02:35:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ulead Systems
[2010/03/23 03:08:09 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\WinBatch
[2010/08/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\298C9C7DADAA7E8E26A337A4FE989565
[2012/05/11 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\Octoshape
[2012/10/27 16:43:47 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\PDF reDirect
[2010/08/10 05:05:16 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\PeerNetworking
[2011/11/29 08:22:45 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\Samsung
[2012/10/27 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\TOSHIBA
[2012/10/27 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\Ulead Systems
[2012/10/27 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Cinjo\AppData\Roaming\WinBatch
[2010/11/13 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OnlineArmor

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



Extras.txt

OTL Extras logfile created on: 10/28/2012 7:18:08 PM - Run 12
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cinjo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 47.73% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 47.28 Gb Free Space | 42.86% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cinjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024864D8-9EDF-43C6-B144-D2A7A11D9A42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0957B8CC-BD1E-4C02-8A96-DBD11B5DF6D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{208838A3-8460-4580-AB5C-0F021799C9C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{27FDEB3A-5284-4048-8CF6-EE1310D75892}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A733626-7291-4B5B-91FC-17735696B2CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35B03953-554C-4846-96A2-2919DA852E6D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3A616F37-29FA-45D5-BBD0-B31CADE42962}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B1DB43E-BE49-4BB5-9097-50D60ADDD7DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D1EF7FD-0C17-4F02-AD3B-405F729058E1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{51018119-318D-45C0-AD1B-6AF928EF2230}" = lport=445 | protocol=6 | dir=in | app=system |
"{551E1B5B-88BA-4133-A6B2-50ACF82C2B28}" = rport=10243 | protocol=6 | dir=out | app=system |
"{591CAAA6-6184-417E-B390-F7F79ADFB709}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F55AD6A-0E83-44CB-AA90-63E2B89F6094}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F6B4DB5-450A-4647-8D06-6396CB067101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{603A8BD0-4143-44BC-803D-4A9405B04EE8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CB72BF9-A452-4C40-898C-C73B211A16AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D1F31F4-491D-410B-A79A-1FE46C2052C9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{81E1D8CD-3AE2-4DF5-AFF4-0C82BC7D8340}" = rport=138 | protocol=17 | dir=out | app=system |
"{8643C9D3-0E46-4AD5-8251-18B43F70203F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92DEDBC8-C5E5-4CC3-A308-678C6B9C0DF5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A01BF944-EB34-44A6-8906-2AB4B9DCAE8D}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{AABE8393-2CC8-4AD7-86BC-990B0A639FF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DAC50E-FA64-4B15-81DE-A733E2713DA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0779F60-15BB-4B52-9E04-938CC6C953F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C846A653-4160-4986-AA0E-826CC05EB98A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E15C37CE-82D8-4CE1-B6DA-00B46F4F960A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E33CA958-721F-44F0-BDBF-DC38CAC91E39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E342FAB8-FC13-4C1A-A9F7-8B63A10D45C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED0EC886-E17F-4C00-A8BF-3894C9148350}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A73A87C-7E73-438C-90E9-1F79DA6BB56E}" = protocol=6 | dir=in | app=c:\windows\temp\7zs210b.tmp\symnrt.exe |
"{0E678A61-1B63-48B8-93D8-98805F397F23}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{0F5B07A5-6FCE-40DC-A386-CD59196FA0E9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{13A1D8AF-4967-4CFD-9AAE-AC80F622645E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A179ADC-795D-4C92-8CD5-FCAF82607811}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{249AF4DF-780F-44EE-A174-A50FCA839DE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2622A955-DF8E-4383-B6B5-22F13ECDCE99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{279BA005-70A8-4F85-BEB6-531CA6D60504}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29149483-E719-407C-87D1-ADF2BE1540CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C5FE000-3847-4529-B6A0-47A4C7B1E622}" = protocol=17 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"{30226DEA-83A9-46CE-96FE-0C99C6A0F42D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{3FC59BBF-0E34-4D0E-AE38-70DEE7F72AFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FD2854E-4457-41FE-9ED7-7F97CC05E9A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4112C661-99A3-4EB8-9B0E-EC4670264DF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4D4EF25F-711E-43A4-A151-F8190F544E49}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{52B9B602-8377-4ECD-86EF-50B8F9A60671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{567D0144-38BA-47A4-AC99-EBD1907FE18E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4C89DE-02FA-408B-B89C-7475C608EC7E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5C385125-0B57-43C0-BC08-97F8EABB8978}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CFFDE67-18DE-4E27-8559-D89F46303C98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6F4D0CAA-DB95-4873-B721-44015076EE92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AE1CBF8-1762-45BC-9F85-B4E93FF09D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFC3082-24A0-4D00-93EC-8B1A5D984831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{7B196B37-D22C-4187-BCC3-BB752A083141}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{7BF90766-CDC0-412F-BAD9-4A90810D51FA}" = protocol=17 | dir=in | app=c:\windows\temp\7zs210b.tmp\symnrt.exe |
"{82D894EF-B995-4DE0-8888-7BD33734D3A4}" = dir=in | app=d:\setup\hpznui01.exe |
"{836C3E0B-30F0-410C-B39D-0C2107895D2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{93B7C916-0144-4125-B964-5CDF9C144B79}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{992B8D05-ECE2-465C-BA71-C9BD8070DC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{99672142-FFAD-4B07-8C1A-729FC9CD545E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9DD456BA-2685-40E9-B640-639BED8AD6D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A74FCAD5-125C-40B2-B544-E80DD02F22A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEDD65D0-C0AC-44E0-90EA-D093BA357BE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B1338F43-F9CE-4ACD-938B-9087FFFE416D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5D5DDFC-43BB-4FEE-A38C-DA9CC1A2BC54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBD5A3D5-239F-4DFC-981E-CC9005EDBD74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0D52D64-9409-45CB-8119-8B95025EF1D6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8DF7560-20F2-4C10-AFCC-406E22FB177C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC4A4B96-24CC-45F0-8E2E-C8B2BACD299D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CC6B71EF-1BEF-462B-A9DF-611B4D3F6A91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFA8155F-592E-49C0-B6C5-E55AA15985D8}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{D698795C-B283-4702-BB5C-1BB753864680}" = protocol=6 | dir=out | app=system |
"{DEE4E370-FE06-409A-AE71-9CF77DA6AF12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5AF2C54-BDC3-4932-AF61-4F9BB74EB4F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9AFD4DF-5107-4850-AD47-F29798EA0809}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC137608-436E-434F-BE8D-6B380FDD855E}" = protocol=58 | dir=in | [email protected],-28545 |
"{F1689418-10F3-42DA-8D54-41FB8959B1E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1E1B2A6-5D10-4860-84A5-B4B07652559B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9459D96-6F32-423E-A507-28186354A5BD}" = protocol=6 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"TCP Query User{0971A184-A58B-4AA5-9924-0C9383DAE1BE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{CAB65313-8F88-4A6B-BA3C-52DF5360F12A}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{471CD80E-02F4-4A43-8196-E2A8EB8B117C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2012 9:04:41 PM | Computer Name = Cindy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/28/2012 9:04:41 PM | Computer Name = Cindy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44741

Error - 10/28/2012 9:04:41 PM | Computer Name = Cindy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44741

Error - 10/28/2012 9:33:46 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2012 9:35:17 PM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/28/2012 9:35:21 PM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/28/2012 9:36:26 PM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/28/2012 9:36:46 PM | Computer Name = Cindy-PC | Source = TOSHIBA Service Station | ID = 0
Description = Access to the temp directory is denied. Identity 'Cindy-PC\Cindy'
under which XmlSerializer is running does not have sufficient permission to access
the temp directory. CodeDom will use the user account the process is using to
do the compilation, so if the user doesnt have access to system temp directory,
you will not be able to compile. Use Path.GetTempPath() API to find out the temp
directory location.

Error - 10/28/2012 9:36:46 PM | Computer Name = Cindy-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

Error - 10/28/2012 11:38:10 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/27/2012 10:16:11 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2012 10:20:33 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2012 11:09:39 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/28/2012 1:27:53 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/28/2012 7:53:22 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/28/2012 5:14:23 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/28/2012 5:24:58 PM | Computer Name = Cindy-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/28/2012 9:33:44 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/28/2012 11:35:17 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/28/2012 11:38:33 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =


< End of report >


And it's runnin' very spiffy, thank you! It's a much happier computer. I think my PL is going to be a 'lil late tho. Any idea what exactly happened? I know it's been not quite right and getting progressively worse.
I know I have some uninstalls (Offices) and updates, but I was waiting until this is all pau first. Thank you! Thank you :D Please let me know if there's anything else?
  • 0

#45
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I think System restore in post 13 made earlier OTL. I did nothing. I didn't realize it either until you just said, but that's my excuse, and I'm stickin' to it. Interesting it still says Run 4 Hmmm....

Fair enough :cool:

I've never added or deleted anything there purposefully, I'll figure it out and do it. It can't be that difficult :D

You wouldn't have added it. McAfee AV would have done it as part of the install.
  • Click the Start Orb and right click Computer, then click Manage.
  • Click Continue on the UAC window. The Computer Management window will open.
  • Click the down arrow beside Task Scheduler and click on Task Scheduler Library.
  • Look in the window to the right for anything named McAfee in the Name section. If you find it there, click it to highlight it and click the red X in the right column to delete it.
  • If it isn't in the Task Scheduler Library window, look for a McAfee folder and delete it.

Did you mean to ALLOW all of the entries in the MalwareBytes scan?

2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 02:05:49 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 04:49:15 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 04:56:14 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 04:56:14 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 11:48:56 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 11:50:20 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 13:48:26 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 13:48:27 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 13:48:56 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 15:04:56 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 15:04:57 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 15:06:23 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 15:45:37 -1000 CINDY-PC Cinjo MESSAGE Starting database refresh
2012/10/28 15:45:58 -1000 CINDY-PC Cinjo MESSAGE Database refreshed successfully

If you didn't, then you didn't do number 9 in Step 2 above correctly.
Please let me know.
  • 0
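The check godawgs makes by eye on the MalwareBytes protection log above, as an added example that is not part of the original thread: it parses lines in the layout quoted in the post and lists every file whose detection was let through with ALLOW, with the count and the accounts involved. The last sample line (its path, threat name and QUARANTINE action) is constructed for contrast, and treating the final two tokens of a DETECTION line as threat name and action is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: the ALLOW lines and the MESSAGE line are taken from the log
# quoted in the post; the final line is constructed for contrast.
SAMPLE_LOG = r"""
2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 02:05:38 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 02:05:49 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 11:48:56 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\VOD.exe Trojan.Clicker ALLOW
2012/10/28 11:50:20 -1000 CINDY-PC Cindy DETECTION C:\Program Files\Toshiba\Amazon\Shopping.exe Trojan.Clicker ALLOW
2012/10/28 15:06:23 -1000 CINDY-PC Cinjo DETECTION C:\Program Files\Toshiba\Amazon\MP3.exe Trojan.Clicker ALLOW
2012/10/28 15:45:37 -1000 CINDY-PC Cinjo MESSAGE Starting database refresh
2012/10/28 16:00:00 -1000 CINDY-PC Cindy DETECTION C:\Users\Example\sample.exe Example.Threat QUARANTINE
"""

# date, time, UTC offset, host, user, record type, remainder of the line
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2})\s+(\d{2}:\d{2}:\d{2})\s+([+-]\d{4})\s+"
    r"(\S+)\s+(\S+)\s+([A-Z-]+)\s+(.+)$"
)

def parse_line(line):
    """Return a dict for a DETECTION record, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, tz, host, user, kind, rest = m.groups()
    if kind != "DETECTION":
        return None
    # Assumption: threat name and action are the last two tokens, so the
    # path (which may contain spaces) is everything before them.
    parts = rest.rsplit(None, 2)
    if len(parts) != 3:
        return None
    path, threat, action = parts
    when = datetime.strptime(f"{date} {time} {tz}", "%Y/%m/%d %H:%M:%S %z")
    return {"when": when, "host": host, "user": user,
            "path": path, "threat": threat, "action": action}

def summarize(text):
    """Group detections by file; keys are lower-cased Windows paths."""
    files = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = files.setdefault(rec["path"].lower(), {
            "path": rec["path"], "threats": set(), "actions": Counter(),
            "users": set(), "first": rec["when"], "last": rec["when"],
        })
        entry["threats"].add(rec["threat"])
        entry["actions"][rec["action"]] += 1
        entry["users"].add(rec["user"])
        entry["first"] = min(entry["first"], rec["when"])
        entry["last"] = max(entry["last"], rec["when"])
    return files

def allowed_detections(text):
    """Files whose detection was let through (ALLOW) at least once."""
    return [(e["path"], sorted(e["threats"]), e["actions"]["ALLOW"], sorted(e["users"]))
            for _, e in sorted(summarize(text).items()) if e["actions"]["ALLOW"]]

if __name__ == "__main__":
    for path, threats, count, users in allowed_detections(SAMPLE_LOG):
        print(f"{count}x ALLOW  {path}  {', '.join(threats)}  users={', '.join(users)}")
```

Any file this lists was detected but not blocked or quarantined, which is the situation the question about number 9 in Step 2 is asking about.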





