OTL.Txt opened and is saved on my desktop, but Extras.txt didn't and is nowhere to be found
Here are my combofix and OTL logs
ComboFix 11-05-30.06 - Ashley 05/30/2011 14:59:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1868 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Documents\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\drivers\bydajny.sys"
"c:\windows\System32\drivers\rdsrh.sys"
"c:\windows\System32\drivers\wontpg.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_oahol
-------\Service_ppjuq
-------\Service_xvukw
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 22:11 . 2011-05-30 22:15 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Cory\AppData\Local\temp
2011-05-30 21:49 . 2011-05-30 21:49 -------- d-----w- c:\program files\KeyTweak
2011-05-29 00:33 . 2011-05-29 00:33 -------- d-----w- c:\program files\Veetle
2011-05-24 21:44 . 2011-05-24 21:44 -------- d-----w- C:\VundoFix Backups
2011-05-22 23:11 . 2011-05-22 23:11 -------- d-----r- c:\program files\Norton Support
2011-05-13 03:18 . 2011-05-13 03:18 -------- d-----w- c:\users\Ashley\AppData\Roaming\inkscape
2011-05-13 03:04 . 2011-05-13 03:14 -------- d-----w- c:\program files\Inkscape
2011-05-05 15:45 . 2011-05-05 15:59 -------- d-----w- c:\users\Ashley\AppData\Roaming\PhotoScape
2011-05-05 15:45 . 2011-05-05 15:45 -------- d-----w- c:\program files\PhotoScape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 21:45 . 2011-04-14 21:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-10 01:33 . 2011-04-10 01:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-10 01:33 . 2011-04-10 12:41 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
2011-04-10 01:33 . 2011-04-10 12:41 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
2011-04-10 01:33 . 2011-04-10 12:41 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
2011-04-10 01:33 . 2011-04-10 12:41 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
2011-04-10 01:33 . 2011-04-10 12:41 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
2011-04-10 01:33 . 2011-04-10 12:41 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
2011-04-10 01:33 . 2011-04-10 12:41 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
2011-04-10 01:33 . 2011-04-10 12:41 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
2011-04-10 01:33 . 2011-04-10 01:33 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-10 01:33 . 2011-04-10 12:41 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
2011-04-10 01:33 . 2011-04-10 12:40 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
2011-04-10 01:33 . 2011-04-10 01:33 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-10 01:33 . 2011-04-10 01:33 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-03-10 17:03 . 2011-04-15 18:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 18:58 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 18:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-15 18:58 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 18:58 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
2010-01-03 17:34 203776 --sh--w- c:\windows\System32\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SWDM Viewer"="c:\progra~1\COMMON~1\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe" [2011-03-19 713728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-26 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-08-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-20 00:39 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MSWinIsmSys]
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 17:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-21 01:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-22 22:57 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\DRIVERS\drxvi314.sys [2009-01-20 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-01-20 54784]
R3 dump_wmimmc;dump_wmimmc;c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-15 3473644]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-20 12872]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2011-04-10 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2011-04-10 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2011-04-10 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-03-30 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-20 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-20 67656]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2011-04-10 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-22 105592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2011-04-10 48688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3320)
c:\windows\System32\NLSData0009.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-30 15:29:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 22:29
ComboFix2.txt 2011-05-23 03:57
.
Pre-Run: 113,648,857,088 bytes free
Post-Run: 113,290,776,576 bytes free
.
- - End Of File - - 50FC88A08D26344FBA0EBD110B095425
OTL here
OTL logfile created on: 5/30/2011 3:31:51 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ashley\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 59.46% Memory free
5.94 Gb Paging File | 5.01 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 105.56 Gb Free Space | 47.09% Space Free | Partition Type: NTFS
Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ========== MOD - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110530.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110530.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110425.001\IDSvix86.sys (Symantec Corporation)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bcm) -- C:\Windows\System32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (bcmbusctr) -- C:\Windows\System32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co...=TSHB&bmod=TSHBIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
http://us.rd.yahoo.c...rch/search.html IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityrespo...er/fix_homepageIE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityrespo...er/fix_homepageIE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co...=TSHB&bmod=TSHBIE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "
http://www.bing.com/...?FORM=IEFM1&q="FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "
http://flvtubesearch...={searchTerms}"FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.msn.com/"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
[email protected]:4.0
FF - prefs.js..keyword.URL: "
http://flvtubesearch...bid=&Keywords="FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/07 10:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/26 01:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions\
[email protected][2011/05/12 19:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions
[2011/01/18 16:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/18 17:48:18 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{97f8066b-6214-4968-9d5e-b3a95031f5a7}
[2010/08/13 08:28:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\
[email protected][2009/08/29 18:29:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\
[email protected][2009/08/05 16:23:57 | 000,000,681 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\ask.xml
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\askcom.xml
[2010/08/04 19:26:51 | 000,001,819 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-1.xml
[2010/06/12 19:25:41 | 000,002,267 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-zugo.xml
[2010/04/25 19:36:48 | 000,001,832 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing.xml
[2010/06/08 11:29:02 | 000,000,919 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\conduit.xml
[2009/08/24 18:40:41 | 000,002,179 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\inbox-search.xml
[2010/07/12 22:43:15 | 000,010,059 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\mywebsearch.xml
[2011/05/30 15:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 10:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 14:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/20 10:08:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/05/30 15:14:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/10/01 21:56:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/15 09:46:41 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/12 19:52:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/05/30 15:14:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000..\Run: [SWDM Viewer] C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
O24 - Desktop WallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2011/05/30 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2011/05/30 15:15:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/30 14:56:09 | 004,108,494 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyTweak
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyTweak
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\KeyTweak
[2011/05/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011/05/24 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\SmitfraudFix
[2011/05/24 14:44:30 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/22 20:22:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 20:22:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 20:22:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 16:11:19 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2011/05/20 09:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2011/05/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011/05/05 08:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2011/05/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2009/05/03 09:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashley\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/05/30 15:14:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/30 15:14:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 15:14:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 15:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 15:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/30 14:56:27 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/23 12:19:52 | 000,609,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 12:19:52 | 000,106,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 16:12:55 | 000,205,824 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 08:58:01 | 000,001,044 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2011/05/20 09:53:34 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | M] () -- C:\Users\Ashley\.recently-used.xbel
[2011/05/05 09:23:56 | 000,006,648 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/05/22 20:22:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 20:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 20:22:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 20:22:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 20:22:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/20 09:53:34 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | C] () -- C:\Users\Ashley\.recently-used.xbel
[2011/02/15 16:15:55 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011/01/27 16:10:04 | 002,074,869 | ---- | C] () -- C:\Users\Ashley\AppData\Local\026.JPG
[2011/01/27 16:09:44 | 002,030,085 | ---- | C] () -- C:\Users\Ashley\AppData\Local\025.JPG
[2011/01/27 16:09:18 | 002,088,759 | ---- | C] () -- C:\Users\Ashley\AppData\Local\022.JPG
[2011/01/27 16:09:06 | 002,063,859 | ---- | C] () -- C:\Users\Ashley\AppData\Local\021.JPG
[2010/12/16 17:10:55 | 000,000,053 | ---- | C] () -- C:\Windows\tower.dat
[2010/11/20 15:06:44 | 000,454,656 | RHS- | C] () -- C:\Windows\System32\dMSC.dll
[2010/06/15 11:07:24 | 000,000,335 | -HS- | C] () -- C:\ProgramData\1046560206
[2010/06/15 11:07:22 | 000,000,817 | ---- | C] () -- C:\ProgramData\1848733086
[2010/05/19 20:04:32 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\JbFeVbi1v
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\ProgramData\JbFeVbi1v
[2010/01/03 10:34:33 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2009/11/25 22:37:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/16 09:56:25 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2009/10/20 08:01:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:01:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 10:47:03 | 000,194,256 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 15:38:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/06 09:01:41 | 001,739,180 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2009/06/07 11:33:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/07 10:49:02 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2009/06/07 10:29:45 | 000,150,400 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/06/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/05/03 09:35:12 | 000,001,044 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2009/05/03 09:33:28 | 000,007,887 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.cat
[2009/05/03 09:33:28 | 000,001,144 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.inf
[2009/04/27 18:35:52 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/27 17:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/21 05:44:32 | 000,006,648 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2009/03/25 23:22:31 | 000,205,824 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 20:02:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/24 19:15:50 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/02/24 19:15:48 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/02/02 11:41:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/02/02 11:41:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/02/02 11:41:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/02/02 11:41:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/10 13:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/08/18 11:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 11:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 11:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 11:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,751,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,609,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,106,290 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ========== [2009/08/04 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\.gaim
[2011/02/15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\avidemux
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Azureus
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\BitTorrent
[2010/08/12 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DAEMON Tools Lite
[2010/08/01 15:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DMCache
[2010/04/26 10:03:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\EasyJob Resume Builder
[2010/06/15 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Facebook
[2011/03/10 06:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\FrostWire
[2011/03/31 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\GetRightToGo
[2011/05/12 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2010/05/19 18:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iolo
[2010/07/21 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iWin
[2010/08/19 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LimeWire
[2010/11/18 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MMToolz
[2011/02/21 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MotionDSP
[2011/02/15 16:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MOVAVI
[2009/06/19 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\OLYMPUS
[2009/08/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Paltalk
[2010/09/26 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PFStaticIP
[2011/05/05 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2010/04/30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PlayFirst
[2009/02/25 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\SmartDraw
[2009/09/12 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\StreamTorrent
[2010/01/26 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\thecleaner
[2009/03/09 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TOSHIBA
[2010/01/16 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TuneUp Software
[2010/05/19 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\URSoft
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\uTorrent
[2011/05/22 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Vso
[2009/05/13 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WeatherBug
[2009/03/09 09:04:17 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WildTangent
[2009/04/15 01:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WinBatch
[2011/05/30 15:12:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
========== Alternate Data Streams ========== @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:80AB8E9A
< End of report >