Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Microsoft Security Essentials (my AV) freezes upon scanning MSOCache f


  • This topic is locked This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Right... the instructions' link was actually a link that when clicked will automatically start a download and like any other download the next step is to click on the downloaded file. But did you mean to search for the file location in the computer to run it? I see now that that's actually possible to do and you can actually right click to run as admin.

I'm still confused. Did you download the file or did you click the Run button from the browser?
  • 0

Advertisements


#17
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
It's downloaded onto my computer. You know how on chrome there's a downloads section, it's temporarily on the bottom left of the browser after you click on any dl link. The downloads section can also be found under history. I clicked that exe file, that downloaded to my computer, to install and then run.
  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You know how on chrome there's a downloads section

I don't use Chrome, so I don't know anything about it.

Let's try the ESET scan one more time.


Step-1.

Run ESET Online Scanner:

Note: Please use Internet Explorer. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found Do Not remove them, instead:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-2.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-3.

Things For Your Next Post:
1. The ESET log (If it ran and if it found any threats)
2. The Checkup.txt log
  • 0

#19
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Sorry I have a couple questions regarding the ESET scan. It's currently scanning the MSOCache files and the timer is still counting up so I'm assuming its still working? Also, will my Internet connection affect the scan - if the network goes out will the scan still run? Comcast here has terrible wireless signals so my Internet always go in and out.
  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
once the program has been downloaded and installed (it does this automatically) the internet connection shouldn't interfere with it.
  • 0

#21
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
No threats were found in the ESET scan. After it finished scanning the first part of the MSOcache files (which took about 10 minutes) this popped up in a new window: "The ordinal 344 could not be located in the dynamic link library COMCTL32.dll." The only option was to click "OK" but since the scan was still running I decided to wait until the scan finished to deal with it. The scan finished after 3hrs and 14min and no threats were found. So I clicked the OK from before and Microsoft Windows said "logon.scr has stopped working. A problem caused the program to stop working correctly..." Then I checked the box to uninstall the app upon closing and clicked Finish. After that I went back to MSE and reenabled it... it stalled for a couple minutes which is longer than usual.

Next I proceeded to run the Security Check. I dled using the second link and then when I clicked Show file in folder location (to find the downloaded file in the computer) to double click it there, the computer crashed and went to the same blue screen again. This time I was able to catch the first line which was something like "A problem has been detected and Windows will shut down the system..."

Then I turned on the computer into normal mode and ran the Security Check successfully, here's the log:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 15
Java™ 6 Update 32
Java™ 7 Update 5
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (8.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Oh and about Java... it used to prompt me to install the updates every time I turned on the computer but when I would try it would fail...

Edited by Sephiria, 12 November 2012 - 05:06 PM.

  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Oh and about Java... it used to prompt me to install the updates every time I turned on the computer but when I would try it would fail...

That may be due to all of the old Java updates still being on the system.
We will update Java and remove all of the old versions at the same time. And I want to get one final OTL scan to be sure everything is OK there.

Before you download the Java update file, change the IE download location to the desktop. That way when the file download is complete you can close the browser and find the file on the desktop.
Do Not click Run on the file download window, instead click Save or Save File.

Click on this link to see how to change the download folder location.
You can change it back when we are done if you want.

After the Java update file has been downloaded, when you double click on the Java update file, it may take a while before any window appears. This is normal. Just wait. And that screen may close and it may take a while for the updae window to appear. This is normal also.


Step-1.

Posted Image UPDATE JAVA
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Please download JavaRa to your desktop.
    • Click the Download button next to Legacy Version Version 1.1.6 to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
    Posted Image
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. The most current version is Java SE 7u9.
You want the 64bit version, Windows x64 31.18 MB .
  • Click the link for the jre-7u9-windows-x64.exe file.

Step-2.

Posted Image OTL Scan

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Things For Your Next Post:
1. Let me know how the Java Update went.
2. The new OTL.txt log
  • 0

#23
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I have IE8 and it looks like changing the download location will be difficult:
http://techlogon.com...fox-and-chrome/
Should I proceed?
  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I have IE8 and it looks like changing the download location will be difficult:

Huh :confused: that's strange. SecurityCheck didn't show IE as out of date. That's why I assumed that you had IE9.

Should I proceed?

Not with changing the download location. However, IE9 offers an easy way to change this location. And it is more secure than IE8. It was also designed a lot like FF in terms of changing settings. When we are done I would recommend that you update to IE9 if you use IE as your main browser.
Forget that part of the instructions and just begin with Step 1. But after the file is downloaded, navigate to that folder and run the file from there.

After this run, let me know if there are any issues remaining other than the MSSE, MBAM scans crashing on the C:\MOScache folder.
  • 0

#25
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Java was updated without problems, thanks for helping with the update. Would keeping IE8 also make my computer more susceptible to malicious attacks? I don't think there are any other problems aside from the two you listed. New Windows updates are available for my computer, is it fine to update now?

OTL log:

OTL logfile created on: 11/14/2012 7:49:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danna\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.22% Memory free
8.19 Gb Paging File | 6.02 Gb Available in Paging File | 73.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.80 Gb Total Space | 199.15 Gb Free Space | 69.20% Space Free | Partition Type: NTFS

Computer Name: DANNA-PC | User Name: Danna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/14 19:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danna\Downloads\OTL (2).exe
PRC - [2012/09/01 10:27:48 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/02 20:37:54 | 000,547,824 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Roxio\RoxioNow Player\CNRpc.exe
PRC - [2011/08/02 20:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2011/08/02 20:37:18 | 002,785,776 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
PRC - [2009/03/04 14:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2009/03/04 14:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/03/04 14:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/03/04 14:18:48 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2009/01/24 10:23:18 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/01/21 09:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 09:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/19 11:49:24 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/19 11:49:24 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/14 12:38:40 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/12/18 09:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 11:17:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 10:15:50 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:15:39 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 18:15:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 18:14:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 10:38:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 10:37:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 10:37:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/23 03:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/22 03:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 02:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/29 20:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/29 20:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/04 14:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
MOD - [2009/03/04 14:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2009/03/04 14:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
MOD - [2009/03/04 14:19:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2009/03/04 14:19:46 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2009/03/04 14:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2009/03/04 14:19:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2009/03/04 14:18:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
MOD - [2009/03/04 14:17:58 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2009/03/04 14:17:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2009/03/04 14:17:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2009/03/04 14:17:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
MOD - [2009/03/04 14:17:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2009/03/04 14:17:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
MOD - [2009/03/04 14:17:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
MOD - [2009/03/04 14:17:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2009/03/04 10:59:32 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2009/03/04 10:59:32 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/01/24 10:23:16 | 000,839,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/01/19 15:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/01/16 20:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/01/07 12:16:18 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/12/19 13:02:10 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/09/29 15:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/08/20 16:16:10 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/08/20 15:39:28 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/08 18:56:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/02 20:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/21 09:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 09:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 09:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 10:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 10:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 10:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 10:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 10:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/19 11:49:24 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/14 12:38:40 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/07 23:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 05:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/09 12:11:42 | 000,262,192 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/05 12:03:56 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/02/05 12:03:55 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/02/05 12:03:54 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/02/05 12:03:27 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/07 12:16:18 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2009/01/07 12:16:15 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/11/18 16:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/11/11 16:04:45 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/22 16:02:20 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 16:02:11 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/10/01 16:39:48 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/08/28 22:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/30 16:13:56 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/05/28 02:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 16:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/24 13:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/05/02 10:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007/05/02 10:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2007/05/02 10:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/03/20 00:32:41 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/24 22:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SNNT_enUS346
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.6.0.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Danna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Danna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Danna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Danna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Danna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Danna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/10 17:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/10 17:02:22 | 000,000,000 | ---D | M]

[2009/08/08 11:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danna\AppData\Roaming\Mozilla\Extensions
[2012/10/28 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\extensions
[2010/09/18 15:22:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/28 13:10:13 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/15 11:25:51 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/08/30 23:58:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/06/23 15:11:06 | 000,001,490 | ---- | M] () -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\searchplugins\AOL Search.xml
[2012/05/05 09:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/06 22:43:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/05/05 09:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011/12/30 22:30:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/13 10:39:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/06/23 15:11:06 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2011/09/28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/30 22:30:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co...=SNNT&bmod=SNNT
CHR - default_search_provider: Amazon.com (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.co...s}&mode=blended
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co...=SNNT&bmod=SNNT
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: RoxioNow Player (Enabled) = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpehoeakhlffpkgpigbkeagobkaofj\1.9.6.1_1\npRNowPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Danna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Danna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Danna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Danna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: RoxioNow Player Extension = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpehoeakhlffpkgpigbkeagobkaofj\1.9.6.1_1\
CHR - Extension: Gmail = C:\Users\Danna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RegistrationReminder] C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Rovi Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Danna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{476B1C44-11A9-4CD4-BD2A-91C1B717DBB5}: DhcpNameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB09B296-E789-4499-8D36-C314C64EC8E2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Danna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/14 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/10 17:15:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/08 21:57:08 | 000,000,000 | ---D | C] -- C:\Users\Danna\AppData\Roaming\Malwarebytes
[2012/11/08 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/08 21:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/08 21:56:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/08 21:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/08 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Danna\Desktop\RK_Quarantine
[2012/11/07 19:15:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/29 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\Danna\Documents\CHE104
[1 C:\Users\Danna\Documents\*.tmp files -> C:\Users\Danna\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/14 19:55:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 19:25:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-575201574-2949513387-3497248929-1000UA.job
[2012/11/14 19:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 18:19:46 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/14 18:19:46 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/14 18:19:46 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/14 18:14:20 | 000,079,757 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/14 18:13:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 18:13:53 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 18:13:53 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 18:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 18:13:37 | 4291,796,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 23:47:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/11/13 20:58:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-575201574-2949513387-3497248929-1000UA.job
[2012/11/12 20:36:09 | 000,079,757 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/12 17:25:23 | 000,001,280 | ---- | M] () -- C:\Users\Danna\AppData\Roaming\wklnhst.dat
[2012/11/12 14:58:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-575201574-2949513387-3497248929-1000Core.job
[2012/11/12 14:45:43 | 627,647,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/09 19:07:11 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/08 21:56:55 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 19:41:16 | 000,000,512 | ---- | M] () -- C:\Users\Danna\Desktop\MBR.dat
[2012/11/05 10:25:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-575201574-2949513387-3497248929-1000Core.job
[1 C:\Users\Danna\Documents\*.tmp files -> C:\Users\Danna\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/12 14:45:43 | 627,647,801 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/08 21:56:55 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 19:41:16 | 000,000,512 | ---- | C] () -- C:\Users\Danna\Desktop\MBR.dat
[2012/11/07 19:20:14 | 4291,796,992 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/30 20:46:17 | 000,722,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 15:04:14 | 000,000,732 | ---- | C] () -- C:\Users\Danna\AppData\Local\d3d9caps64.dat
[2011/10/01 09:06:34 | 000,000,000 | ---- | C] () -- C:\Users\Danna\AppData\Local\{950898A7-F632-4424-90C4-597B4E7287D8}
[2010/10/17 09:23:55 | 000,001,356 | ---- | C] () -- C:\Users\Danna\AppData\Local\d3d9caps.dat
[2010/03/18 15:20:40 | 000,000,000 | ---- | C] () -- C:\Users\Danna\AppData\Local\prvlcl.dat
[2009/09/10 11:59:06 | 000,010,240 | ---- | C] () -- C:\Users\Danna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 19:02:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/26 21:04:28 | 000,001,280 | ---- | C] () -- C:\Users\Danna\AppData\Roaming\wklnhst.dat
[2009/04/16 18:31:46 | 000,079,757 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/16 18:26:52 | 000,079,757 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/15 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\acccore
[2009/10/14 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Amazon
[2012/01/15 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Artogon
[2009/08/22 22:16:37 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Auslogics
[2012/05/13 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Aveyond 3
[2012/01/22 00:37:17 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\BashGames
[2012/02/05 18:02:54 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Be a King 2
[2012/05/13 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Catalina Marketing Corp
[2010/06/25 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\E-centives
[2011/05/08 07:59:24 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\ElementalsTheMagicKey
[2010/07/17 11:53:30 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\GetRightToGo
[2012/07/25 22:41:25 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Guitar Pro 6
[2012/04/04 23:03:42 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\IsolatedStorage
[2012/02/05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Lonely Troops
[2011/08/13 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\MyPublisher
[2011/12/10 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Playrix Entertainment
[2011/06/09 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\RunningPillow
[2012/02/05 18:12:11 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Sahmon Games
[2010/03/19 23:47:46 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Samsung
[2009/12/14 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\SecondLife
[2012/07/27 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Spotify
[2012/04/04 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Symyx
[2009/07/26 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\Template
[2012/06/19 00:01:17 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\TheFlyingDutchman
[2012/02/05 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Danna\AppData\Roaming\TheGreatPharaoh

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Java was updated without problems, thanks for helping with the update.

You're welcome.

Would keeping IE8 also make my computer more susceptible to malicious attacks?

The short answer is yes. IE uses Active X controls and a lot of malware is written to exploit Active X. IE9 is a much more secure browser. It is supposedly on a par with browsers that use plug-ins like Firefox. There are things you can do to make IE8 more secure. I will address them in my closing, but the bottom line is if you use IE as your primary browser I would suggest you upgrade to IE9.

I don't think there are any other problems aside from the two you listed. New Windows updates are available for my computer, is it fine to update now?

That's good to hear. Go ahead and update windows. While you're at it, and I can't believe SecurityCheck didn't flag this, your Firefox program is badly out of date. so you need to update it also.

After the updates I want you to run a full scan with MSSE and see if it will complete. I don't see any malware left on the computer. So if the scan still crashes, the problem is something in the Microsoft Office cache files. If the scan won't complete the only things I can suggest are 1. Setting MSSE and MBAM to ignore that folder. 2. A repair of Microsoft Office. 3. Uninstall and reinstall Office. Or you can start a topic in the Applications forum and one of one of our A number 1 Techs will be happy to take a look. :)

1.
How many versions of OTL do you have in your Downloads folder?

C:\Users\Danna\Downloads\OTL (2).exe

This would indicate that you have several.

2.
Is AOL your internet provider?


Step-1.

Do the Microsoft Updates.


Step-2.

Update Fifefox

Your Firefox is badly out of date. The new version is Firefox 16.0.2

  • At the top of the Firefox window click the Firefox button.
  • Go over to the Help menu and select About Firefox.
    NOTE: If you're using the Menu Bar, click Help and then click About Firefox
    The About Firefox window will open and Firefox will begin checking for updates. If updates are available, they will begin downloading automatically.
    Posted Image
  • When the updates are downloaded and ready to be installed, click Apply Update. Firefox will be restarted and the updates will be installed.
Posted Image


Step-3.

Try a Full Scan with MSSE.


Step-4.

Things For Your Next Post:
1. Answer my questions above.
2. Let me know how the updates went.
3. Let me know if the problem with MSSE crashing on the C:\MSOcache folder is still present.
  • 0

#27
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
What's step 1 referring to? I updated Firefox without problems and MSSE just completed a full scan. Do you know what could explain the computer crashing into a blue screen the first time?

1.
How many versions of OTL do you have in your Downloads folder?

There's currently 3.

2.
Is AOL your internet provider?

No it's Comcast.
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Sephiria,

What's step 1 referring to?

At the beginning of post #25 you said:

...New Windows updates are available for my computer, is it fine to update now?

That's what Step 1. was referring to.

I updated Firefox without problems and MSSE just completed a full scan. Do you know what could explain the computer crashing into a blue screen the first time?

It's hard to say. If one of the Microsoft Updates you installed was for the MSSC Client package it updated the scanning engine for MSSE. That could have done it. IE is a core part of the Windows OS. If you upadted IE that may have done it. The last full MSSE scan we tried was back in post #10 so any of the fixes done since then could have done it. Running the AVG removal tool or disabling Windows Defender could have done it. MSSE has a hard time running correctly if any part of any other antivirus program is left on the system. Sometime it won't even install. MSSE also has a serious conflict with Windows Defender if both are running at the same time. MSSE is coded to turn Windows Defender off during installation but either it didn't in this case or the malware turned it back on. Was it because there were remnants of AVG left on the system?...Hard to say.

But what we can say is the problem is gone. :D

1.
How many versions of OTL do you have in your Downloads folder?

There's currently 3.

I will need you to go into the Downloads folder and delete the OTL(1).exe and OTL(2).exe files. You don't need to delete any other files except the OTL(1) and OTL(2) files. The OTL cleanup process will take care of the rest of them.

No it's Comcast.

I'll take care of the AOL reference in the IE homepage in the OTL cleanup. :)



OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Step-1.

First, delete the OTL(1).exe and OTL(2).exe files in the Downloads folder.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote) , right click and click Copy.
  • :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
    [2010/06/23 15:11:06 | 000,001,490 | ---- | M] () -- C:\Users\Danna\AppData\Roaming\Mozilla\Firefox\Profiles\19ydreng.default\searchplugins\AOL Search.xml
    [2010/06/23 15:11:06 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

    :COMMANDS
    [EMPTYTEMP]

  • Please re-open Posted Image on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-2.

Delete the following Files/Folders (If present):

MBR.dat
avg_remover_stf_x64_2012_1796.exe
SecurityCheck.exe
Checkup.txt
JavaRa-1.16-6-9-12.zip
jre-7u9-windows-x64.exe


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-3.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name fo the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.
Step-4.

Reset Hidden Files and Folders

For Vista and Windows 7
1. Click Start,click Control Panel.
2. Click Folder Options.... NOTE: If you are in the Category view, click Appearance, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK


Preventing Re-Infection


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File: (Only needed for Firefox)
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place(by Mr. Tony Klein and dvk01)

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0

#29
Sephiria

Sephiria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
What was the malware on my computer?

I'm assuming whatever it was caused my computer to crash the first time (it was a result of just browsing the Internet - not running a full MSSE scan). Is that a safe assumption?
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Running the MSSE full scan didn't cause the problem. It just brought your attention to the problem.
You didn't really have any dedicated malware file(s) I could find. You had a couple of nefarious programs on the system:

Viewpoint Media Player
Coupon Printer for Windows

Viewpoint can be installed when another program is installed but in most cases it is a conscious download. As is Coupon Printer.

You had a bad URL in IE that may have been the result of browsing the internet.

And you had several programs that were out of date:
IE
Java
Fifefox

You really need to keep IE and Java updated. Malware writers target these programs.

I really don't know why MSSE crashed on the MOScache folder. It could have been a prior update that MSSE didn't like. It could have been a problem with the original installation of MSSE due to the remnants of AVG still on the system, and if one of the Microsoft Windows updates you just did was for the MSSE Client that cleared the problem since the AVG remnants had already been removed. I say that because I just installed updates on my system a few days ago and one of them was the MSSE Client package. It could have been that one of the updates was for the Office program and that cleared the problem.

Operating Systems have so many different configurations and different people install and remove so many different things that is is difficult to pinpoint a problem like this. That is why I put the following in my Welcome:

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine.


I know that wasn't definitive, but it's the best answer I have. I can tell you that I didn't see the amount and kind of malware files on your system that I see when someone has lax security and practices unsafe browsing habits.

The only way you are going to completely eliminate the possibility of getting infected is to disconnect the computer form the internet and never go browsing. But what fun would that be? :lol:

If you have any other questions I will be happy to try to answer them. If not, enjoy the internet and just know if you need us in the future all you have to do is give us a shout.

godawgs
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP