
Help removing mystart incredibar


  • This topic is locked
21 replies to this topic

#1 creekdipper


Posted 24 November 2012 - 06:53 PM

Hello, I am having trouble removing the Mystart Incredibar from my computer. I have tried various removal methods, all of which have not removed it. I would greatly appreciate some help in removing this. Thanks!!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Natalie at 17:31:12 on 2012-11-24
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe
C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\program files\toshiba wwan manager\bin\gbx4log.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [Google Update] "c:\users\natalie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [GoogleChromeAutoLaunch_4846140637A8A9E7EC96268DAD771C14] "c:\users\natalie\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [coreworks] "c:\program files\toshiba wwan manager\bin\gbxapp.exe" runatstartup
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: LastPass - c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\program files\lastpass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}\242716B656051646 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}\242716B656051646D27657563747 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}\65562796A7F6E602D494649443531303C4021344441302355636572756 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}\7456F627765623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}\C416277656350727573656D27657563747 : DHCPNameServer = 192.168.1.254 192.168.33.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\natalie\appdata\roaming\mozilla\firefox\profiles\gf9katpk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6PQlgadVjN&i=26
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: c:\users\natalie\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\natalie\appdata\roaming\mozilla\firefox\profiles\gf9katpk.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? NWUSBCDFIL;Novatel Wireless Installation CD
R? NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN)
R? NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN)
R? NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN)
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? NWVZHelper;Novatel Wireless Verizon Device Helper
S? PGEffect;Pangu effect driver
S? pneteth;PdaNet Broadband
S? qcfiltersra2k;Gobi 2000 USB Composite Device Filter Driver(1199-9001)
S? qcusbnetsra2k;Gobi 2000 USB-NDIS miniport(1199-9001)
S? qcusbsersra2k;Gobi 2000 USB Device for Legacy Serial Communication(1199-9001)
S? QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra)
S? Thpdrv;TOSHIBA HDD Protection Driver
S? Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver
S? TMachInfo;TMachInfo
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
.
=============== Created Last 30 ================
.
2012-11-24 17:29:11 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a87df295-038e-49e8-82bf-c1512ba1f169}\mpengine.dll
2012-11-23 15:09:30 6812136 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-17 04:24:22 -------- d-----w- c:\program files\VideoLAN
2012-11-17 01:37:10 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-17 01:36:58 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-17 01:23:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-14 20:56:24 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6a883b93-1359-44bf-9934-41b156be09ca}\gapaengine.dll
2012-11-13 05:30:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 05:30:21 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-13 05:30:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-13 05:30:19 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-13 05:28:04 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-13 05:27:57 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-13 05:27:54 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-13 05:15:24 -------- d-----w- C:\97ac445aab786479e0c16618e92c2f03
.
==================== Find3M ====================
.
2012-11-11 17:26:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 17:26:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-11 14:11:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 14:11:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 04:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 04:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:39:58.55 ===============


 


#2 CatByte

  • Malware Response Team

Posted 25 November 2012 - 07:27 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 creekdipper

  • Topic Starter

Posted 26 November 2012 - 02:18 AM

Hi, CatByte, thank you so much for helping me out!! I really appreciate it. I have a quick question - I have the same problem on another computer in the house - mystart incredibar. Should I make a separate post, or follow the same instructions on the other computer? Thanks again, you have no idea how much this help means!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.1 (11.25.2012)
OS: Windows 7 Home Premium x86
Ran by Natalie on Sun 11/25/2012 at 23:18:29.97
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Natalie\appdata\local\best buy pc app"



~~~ FireFox

Successfully deleted the following from C:\Users\Natalie\AppData\Roaming\mozilla\firefox\profiles\gf9katpk.default\prefs.js

user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb110?a=6PQlgadVjN&i=26");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/25/2012 at 23:26:10.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





# AdwCleaner v2.009 - Logfile created 11/25/2012 at 23:31:47
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Natalie - NATALIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Natalie\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\Natalie\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://my.daemon-search.com/

*************************

AdwCleaner[S1].txt - [1172 octets] - [25/11/2012 23:31:47]

########## EOF - C:\AdwCleaner[S1].txt - [1232 octets] ##########




OTL Extras logfile created on: 11/26/2012 12:27:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Natalie\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 72.37 Mb Available Physical Memory | 7.14% Memory free
1.99 Gb Paging File | 0.39 Gb Available in Paging File | 19.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.64 Gb Total Space | 168.79 Gb Free Space | 75.48% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 238.36 Gb Free Space | 25.59% Space Free | Partition Type: NTFS

Computer Name: NATALIE-PC | User Name: Natalie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5330F5-112A-42FB-A285-930E6C97826D}" = rport=139 | protocol=6 | dir=out | app=system |
"{0D051389-DF1D-440F-A5FC-460B632C2A86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BAC0A39-026B-45F1-B1FD-AF473401216C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DAE7508-77BD-47F2-B426-651314D5A383}" = lport=138 | protocol=17 | dir=in | app=system |
"{2FBE93BC-9FF4-492C-93B5-27F229EDCC20}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5561CD0F-3001-454A-BFA0-339739EAC17C}" = rport=138 | protocol=17 | dir=out | app=system |
"{55DE252A-0AE8-433D-BA6E-CD52EE3BFA06}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{63A385C6-CDB7-4996-9B11-8056D24F6A16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{69CF315E-12A2-49F0-AD5F-052189348706}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C721593-7005-47B3-86BD-24494EE86740}" = lport=137 | protocol=17 | dir=in | app=system |
"{70FBD9C1-3AFE-419C-86D4-6740DD73A79F}" = rport=137 | protocol=17 | dir=out | app=system |
"{74B64D50-3A4A-492C-8E45-E5EBEAF3775D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74CEE8A2-5F47-4173-9084-81FE66BC6587}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95D9CC40-B91E-4FC9-876D-8099C6228533}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{981990D3-6E8A-46D6-898D-353EEAF1123B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C1B78D6-6312-4F89-9A64-742115440D45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A87E9573-9322-41CF-AC2F-7D2DB5A44806}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD3BBD84-8959-479B-8B60-6D10D837AE08}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2AA0968-8DC8-4639-B06E-93C241E7A18E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B8A6C4ED-7779-4DC5-99AC-613670C5B25E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BA5A4872-2C19-408E-A101-9AC10AD85BD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0A265F2-81F7-44F5-AECE-99587F4312AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C57DC902-934E-427A-AC5A-579613292F1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFF6F6E5-5262-40D0-A86A-9C3C65BAFC36}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031524ED-8F68-40ED-A8F2-AA9A2B494651}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{067DBFB6-6602-4CDB-A099-58345AEE3E3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D31B1AD-72F5-4ABC-9556-92C30183F7EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{338024CE-6DCC-4582-9AE0-563C36D16A89}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{34C3D07D-C033-43C1-8812-4A8179A9A5AB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{389C2B4E-774E-4CF0-80F3-0FE4EBAB7391}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42C5509E-80F4-484D-9732-2BC6D500B1C6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4DAA6A02-D8B9-4663-A14D-0EB9083AD2E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F62202B-ADB8-4F17-9EDE-03E8927C8013}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56F6A3A3-85A3-47FD-BEC0-2AC8BCB86E70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{61CA23EF-3171-447F-BD3C-C533BAFB04BA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{676293BC-2F15-4C12-BFAF-C2C483065A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{748342B1-332E-41E2-AABB-AEC5D746582E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7702A31F-2312-4D24-8B35-CBA718D09355}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82166C84-D41F-421E-A88B-E6AFB61BEFC7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8B9AECAF-51E5-4BC5-BD2C-BB69E412D5FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{939A23C4-D704-4667-899D-7E6B3EB03CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE943B1C-6645-4608-9239-E7A6D70D620E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B146A08A-7700-4C90-8C41-069A7897962A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B31B9B37-4AD5-4B59-93BE-3BDFE13D6EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4355164-DDBB-4513-9194-BDE13152B02B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B5314B6D-5A14-4C8B-8346-CA02A56DADA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BD7A6755-A182-4CED-A288-E82C6189F530}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0DB829F-E7E4-4654-BCCD-554E21F11E17}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C2734A43-DDD6-4659-A146-25A64F8F1EA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD4F656A-23DD-4D0E-BF07-B7EA3DAD3BC7}" = protocol=6 | dir=out | app=system |
"{E0EBBEB9-E87D-47F2-955B-43A99FC19429}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E225C826-0893-4E4C-90D9-B43F77BEA0F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E30AF3A1-0CB9-4562-B8FC-826E22763698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF946FEB-EAAF-42DC-A9EA-79466DC9BC63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F4D887D8-CE37-4F49-8227-294A47B50B28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F73547F5-20D6-48F7-9D69-9A2975D3FC82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F9005A74-4FB5-445E-AC95-A36DF4E75233}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{4919C460-6436-4F6F-8F5C-BEA44699E526}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{9DC61822-D0A5-425E-8081-2BC220CAC0ED}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application and Driver Installer
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A23619B4-373D-4CA1-A204-A185203C0EBA}" = Qualcomm Gobi 2000 Package for Sierra
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD39060-5F6C-470A-A891-73ACC92ED8DB}" = TOSHIBA WWAN Manager
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D17D97-44CE-402E-BBF2-B38492CBFED7}" = Garmin ANT Agent
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CAC2CF93-B532-4A88-81FE-110750C3E4BA}" = Verizon Wireless USB760 Firmware Updates
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{F040E3D7-F81D-4A38-85AE-038F375198FC}" = BatchPurifier
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.64.1403" = Opera 11.64
"PdaNet_is1" = PdaNet for Android 3.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2012 1:40:04 AM | Computer Name = Natalie-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

[ System Events ]
Error - 11/26/2012 1:36:52 AM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%-2147417831

Error - 11/26/2012 1:37:19 AM | Computer Name = Natalie-PC | Source = DCOM | ID = 10010
Description =

Error - 11/26/2012 1:38:46 AM | Computer Name = Natalie-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/26/2012 1:38:47 AM | Computer Name = Natalie-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/26/2012 1:38:48 AM | Computer Name = Natalie-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

OTL logfile created on: 11/26/2012 12:27:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Natalie\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 72.37 Mb Available Physical Memory | 7.14% Memory free
1.99 Gb Paging File | 0.39 Gb Available in Paging File | 19.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.64 Gb Total Space | 168.79 Gb Free Space | 75.48% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 238.36 Gb Free Space | 25.59% Space Free | Partition Type: NTFS

Computer Name: NATALIE-PC | User Name: Natalie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/25 19:52:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Downloads\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/09 08:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/03/23 15:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2010/04/26 11:38:54 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
PRC - [2010/04/06 15:49:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/04/06 15:48:56 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2010/03/31 15:40:22 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2010/03/31 15:40:02 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2010/03/25 14:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/18 20:51:44 | 000,117,224 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbx4log.exe
PRC - [2010/03/18 20:51:42 | 000,637,416 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe
PRC - [2010/03/03 13:17:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/05 18:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/05 18:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/12/25 16:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/11/05 23:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/05 23:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/21 10:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 15:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 18:24:01 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/31 16:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 16:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 16:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 16:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 16:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 16:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 16:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 16:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/03/16 14:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 14:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2010/03/18 20:52:06 | 000,502,248 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\OsifUtils.dll
MOD - [2010/03/18 20:51:50 | 002,873,832 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\connmgr.dll
MOD - [2010/03/03 15:14:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/03 15:14:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
MOD - [2010/03/03 15:14:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2010/02/05 18:40:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/11/03 14:26:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/22 16:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Services (SafeList) ==========

SRV - [2012/11/11 11:27:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/08 20:26:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/19 20:13:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/04/26 11:38:54 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra)
SRV - [2010/04/06 15:49:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/31 15:40:02 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 18:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/11/05 23:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/21 10:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/10/08 20:25:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/02 16:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/04/26 08:58:22 | 000,209,408 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnetsra2k.sys -- (qcusbnetsra2k)
DRV - [2010/04/26 08:58:22 | 000,106,880 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbsersra2k.sys -- (qcusbsersra2k)
DRV - [2010/04/26 08:58:22 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfiltersra2k.sys -- (qcfiltersra2k)
DRV - [2010/03/12 12:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/06 13:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/30 22:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/06/29 17:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 11:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/06 14:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{E994C96F-F23C-466E-A42C-B41004169F4D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHTDF&pc=MATB&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5D8E0437-C0D0-4E21-B9CF-4B996E3B1921}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{94BDCB95-977B-485A-8F3C-033D05363BDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHTDF&pc=MATB&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9624CF62-F2CB-4362-B8C6-3B948AED0300}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: DesktopWatcher@Bonktown.com:1.8.4
FF - prefs.js..extensions.enabledAddons: john@velvetcache.org:1.3.7
FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.1
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:6.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {fa038e8f-d1d1-11db-9705-005056c00008}:1.8.4
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Natalie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Natalie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/24 21:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/24 21:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/12/23 23:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Extensions
[2011/07/02 19:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/23 23:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/11/22 01:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions
[2011/08/31 21:10:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/08 20:37:18 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2012/08/08 20:38:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/11/22 00:18:23 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\ALone-live@ya.ru
[2011/09/06 06:10:05 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\netvideohunter@netvideohunter.com
[2012/05/15 17:28:26 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\piclens@cooliris.com
[2012/08/08 20:34:15 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\support@lastpass.com
[2012/08/08 20:33:35 | 000,344,664 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\autopager@mozilla.org.xpi
[2012/05/15 17:27:25 | 000,117,199 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\DesktopWatcher@Bonktown.com.xpi
[2011/09/17 13:37:39 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\john@velvetcache.org.xpi
[2011/05/07 14:00:27 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\personas@christopher.beard.xpi
[2011/05/07 13:56:39 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\yesscript@userstyles.org.xpi
[2012/08/08 20:34:23 | 000,505,801 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/11/22 00:18:23 | 000,318,530 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/11/22 00:18:23 | 000,527,187 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/12/18 03:28:38 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/08/08 20:37:27 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/05/15 17:30:02 | 000,076,074 | ---- | M] () (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}.xpi
[2012/08/08 20:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/08 20:26:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 20:26:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 20:26:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Natalie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Craigslist Notification = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj\1.1.0.52_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: craigslist pop. = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja\2.55_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: TooManyTabs for Chrome = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.4_0\
CHR - Extension: PriceBlink = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.5_0\
CHR - Extension: Best Shopping Apps = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apogpjodnepfjkmkbaabajfpmabeggog\1.0.0.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.17_0\
CHR - Extension: SocialReviver = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald\3.15_0\
CHR - Extension: YouTube = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Minimalist for Everything [Beta] = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.5.20_0\
CHR - Extension: eBay Web App = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_1\
CHR - Extension: Google Search = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GAIN Fitness = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc\1.0.0_0\
CHR - Extension: Tareem Extender = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcgpjemdlhkehjpibldielpoodpjgjc\5.0.0_1\
CHR - Extension: Gmelius - Ad Remover and Better UI for Gmail\u2122 = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.6.3_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Session Buddy = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_1\
CHR - Extension: Google Calendar = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Facebook Background Changer = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnlfbokmiehpnhgdjlmedakkchfldmj\4.0.12_0\
CHR - Extension: PanicButton = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: YoWindow Weather = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.41_0\
CHR - Extension: Pin anything, anywhere. Just press the button and an overlay window will appear. = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\6.3_0\
CHR - Extension: The Best Price = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdgboikkhiolindpecadnmnnnpnncdb\2.2.0.12_0\
CHR - Extension: Full Screen Weather = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Tab Menu = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\galfofdpepkcahkfobimileafiobdplb\7_0\
CHR - Extension: Scribble Maps = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhoiddbgfhccnhnafghphdmlaofgeh\1.0.0.0_0\
CHR - Extension: my6sense for Twitter = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfapcdmihoaonadamgijbcocmpofkkjo\1.0.8_0\
CHR - Extension: AdBlock = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_1\
CHR - Extension: Twitter + Facebook Like = \u2665 = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmggjapajigokddabdmhafkdhmbninen\1.0_0\
CHR - Extension: TweetDeck = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.1.1_0\
CHR - Extension: AppJump App Launcher and Organizer = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd\0.9.2_1\
CHR - Extension: LastPass = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_1\
CHR - Extension: LeftLane Sports = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hheadllghpjfopofhidldnjmjocmlcld\1.1_0\
CHR - Extension: Tweet Button for Chrome (by Shareaholic) = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\homldgnlpldcmdflhnabedgkgpmeanhd\2.1.0_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_1\
CHR - Extension: wikiHow Survival Kit = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Valuid - Free ads = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifgmhhkblhlclhfmbhgagloflnkekmkd\1.30_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Forecastfox = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Power Twitter for Google Chrome\u2122 = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieehhjfejnoljbnnhfnhibcjhmifffo\1.80_0\
CHR - Extension: 60 Minutes = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj\0.60_0\
CHR - Extension: Up = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohgglcbddjknnemakghbjadinmopafl\1.4_0\
CHR - Extension: Lose It! = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
CHR - Extension: Disconnect = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: Yoono - Twitter, Facebook, LinkedIn, YouTube\u2122 = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\0.2.7.17_0\
CHR - Extension: BBC Good Food = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: Evernote Web = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: PigeonMap Classifieds = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaehnnhfbbfbfglhjhnppacekmgcjbd\1.1_0\
CHR - Extension: Open Tweet Streamer = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbehinjacalkpaiadenmalofkdnppne\0.6.0_0\
CHR - Extension: Google Maps = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\3.3_0\
CHR - Extension: Illimitux = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: Session Manager = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
CHR - Extension: Mint = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg\1.5_0\
CHR - Extension: Weather Watcher Live = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\migekhbneabjkfadmgpimohcoclbbcfp\1.0.15_0\
CHR - Extension: Ghostery = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_1\
CHR - Extension: AutoPager Chrome = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\
CHR - Extension: Time Tracker = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokmnbikneoaenmckfmgjgjimphfojkd\1.0.9_0\
CHR - Extension: Google bookmarks = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfieeekinhmpmgnonkgbmklfdheojoni\3.2.0_0\
CHR - Extension: Facebook Notifications = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: ezLinkPreview = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkcfbiefgdaceeplickkkmifpicbpcc\5.21_0\
CHR - Extension: Iconized Bookmarks Popup = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgonnihpamikjkfckpolamefpniicak\1.8.3_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: WealthLift Learn = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhcopaaicojnaejmcoanddoeekodemk\1.1.0.0_0\
CHR - Extension: GearSnyper = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegcjplimfhhpfmeinibngbldedckjc\1.3.1_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Weather Underground = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Learn Spanish - Qu\u00E9 Onda Spanish = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1_0\
CHR - Extension: Economist Radio = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokaljfafjmhnoofahjignaelkgahpml\1.81_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [coreworks] C:\Program Files\TOSHIBA WWAN Manager\bin\gbxapp.exe (Toshiba)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A23846AC-8570-466C-9C1B-799C028152D4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ec04145-4f95-11e1-b995-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{6ec04145-4f95-11e1-b995-00a0c6000000}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/25 23:17:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012/11/25 23:10:39 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/25 22:35:55 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Austin Powers
[2012/11/24 21:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/24 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/24 21:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/24 21:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/24 21:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/24 21:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/24 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/11/24 18:06:53 | 000,018,944 | ---- | C] (Silicon Laboratories) -- C:\windows\System32\drivers\SiLib.sys
[2012/11/24 18:06:53 | 000,014,848 | ---- | C] (Silicon Laboratories) -- C:\windows\System32\drivers\DSI_SiUSBXp_3_1.sys
[2012/11/24 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/11/16 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\vlc
[2012/11/16 22:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/16 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/12 23:15:24 | 000,000,000 | ---D | C] -- C:\97ac445aab786479e0c16618e92c2f03
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/26 00:18:12 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 00:10:02 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878995076-3869585777-1699579189-1000UA.job
[2012/11/26 00:07:02 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 23:45:24 | 000,019,664 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 23:45:24 | 000,019,664 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 23:36:22 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 23:35:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/25 23:35:26 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 22:00:19 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/25 22:00:19 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/25 21:10:02 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878995076-3869585777-1699579189-1000Core.job
[2012/11/22 05:30:23 | 000,000,952 | ---- | M] () -- C:\Users\Natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/11/20 23:55:26 | 000,049,388 | ---- | M] () -- C:\Users\Natalie\Desktop\youll-never-look-at-soap-dispensers-the-same-way-again.jpg
[2012/11/18 18:21:55 | 000,417,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/14 14:39:41 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/20 23:37:51 | 000,049,388 | ---- | C] () -- C:\Users\Natalie\Desktop\youll-never-look-at-soap-dispensers-the-same-way-again.jpg
[2012/08/06 22:51:36 | 000,000,000 | ---- | C] () -- C:\Users\Natalie\defogger_reenable
[2011/09/16 22:00:33 | 000,191,272 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/07/31 18:22:45 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/07/31 18:22:45 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/05/23 11:04:20 | 000,000,120 | ---- | C] () -- C:\windows\QUICKEN.INI
[2011/05/12 20:49:04 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/05/11 09:50:33 | 000,004,608 | ---- | C] () -- C:\Users\Natalie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 16:57:26 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/18 08:53:02 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/07/31 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite
[2012/05/15 06:13:24 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Digital Confidence
[2011/12/23 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Flickr
[2012/11/24 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Garmin
[2011/05/10 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\GetRightToGo
[2012/08/05 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\KeePass
[2011/09/12 21:52:49 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Opera
[2011/07/02 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Thunderbird
[2011/05/05 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Tific
[2011/05/07 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Toshiba
[2012/11/24 00:38:13 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\uTorrent
[2011/05/04 16:56:50 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545025B9A300 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Toshiba External USB 3.0 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 224.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 241702010880
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0


< End of report >

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:42 PM

Posted 26 November 2012 - 09:06 AM

Should I make a separate post, or follow the same instructions on the other computer?

Let's clean this computer up first, then we can move on to this second computer.


Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 creekdipper

Posted 29 November 2012 - 03:08 AM

Hi CatByte, here is the log...

ComboFix 12-11-28.02 - Natalie 11/29/2012 0:49.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.168 [GMT -6:00]
Running from: c:\users\Natalie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 07:03 . 2012-11-29 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 05:37 . 2012-11-26 05:37 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-11-26 05:37 . 2012-11-26 05:37 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-11-26 05:37 . 2012-11-26 05:37 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-11-26 05:37 . 2012-11-26 05:37 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-11-26 05:37 . 2012-11-26 05:37 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-11-26 05:37 . 2012-11-26 05:37 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-11-26 05:36 . 2012-11-26 05:36 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-11-26 05:36 . 2012-11-26 05:36 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-11-26 05:36 . 2012-11-26 05:36 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-11-26 05:36 . 2012-11-26 05:36 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-11-26 05:36 . 2012-11-26 05:36 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-11-26 05:36 . 2012-11-26 05:36 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-11-26 05:36 . 2012-11-26 05:36 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-11-26 05:36 . 2012-11-26 05:36 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-11-26 05:36 . 2012-11-26 05:36 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-11-26 05:36 . 2012-11-26 05:36 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-11-26 05:36 . 2012-11-26 05:36 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-11-26 05:17 . 2012-11-26 05:17 -------- d-----w- c:\windows\ERUNT
2012-11-26 05:10 . 2012-11-26 05:10 -------- d-----w- C:\JRT
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-25 03:32 . 2012-11-25 03:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-25 03:31 . 2012-11-25 03:32 -------- d-----w- c:\program files\QuickTime
2012-11-25 03:23 . 2012-08-21 19:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-25 03:20 . 2012-11-25 03:20 -------- d-----w- c:\program files\iPod
2012-11-25 03:20 . 2012-11-25 03:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-25 03:20 . 2012-11-25 03:23 -------- d-----w- c:\program files\iTunes
2012-11-25 01:01 . 2012-11-25 01:01 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-11-25 00:06 . 2007-09-06 20:53 18944 ----a-w- c:\windows\system32\drivers\SiLib.sys
2012-11-25 00:06 . 2007-09-06 20:53 14848 ----a-w- c:\windows\system32\drivers\DSI_SiUSBXp_3_1.sys
2012-11-17 04:27 . 2012-11-26 04:32 -------- d-----w- c:\users\Natalie\AppData\Roaming\vlc
2012-11-17 04:24 . 2012-11-17 04:24 -------- d-----w- c:\program files\VideoLAN
2012-11-17 01:37 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-17 01:36 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-17 01:23 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-13 05:30 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 05:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-13 05:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-13 05:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-13 05:28 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-13 05:27 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-13 05:27 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-13 05:15 . 2012-11-13 05:27 -------- d-----w- C:\97ac445aab786479e0c16618e92c2f03
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-11 17:26 . 2012-05-16 12:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 17:26 . 2012-05-16 12:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-11 14:11 . 2012-05-15 12:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 14:11 . 2011-10-02 23:16 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-09 02:26 . 2012-08-09 02:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"GoogleChromeAutoLaunch_4846140637A8A9E7EC96268DAD771C14"="c:\users\Natalie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-14 1242728]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"coreworks"="c:\program files\TOSHIBA WWAN Manager\bin\gbxapp.exe" [2010-03-19 637416]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-04-06 1328480]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-03-31 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-5-6 477736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra);c:\program files\QUALCOMM\QDLService2k\QDLService2kSierra.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 qcfiltersra2k;Gobi 2000 USB Composite Device Filter Driver(1199-9001);c:\windows\system32\DRIVERS\qcfiltersra2k.sys [x]
S3 qcusbnetsra2k;Gobi 2000 USB-NDIS miniport(1199-9001);c:\windows\system32\DRIVERS\qcusbnetsra2k.sys [x]
S3 qcusbsersra2k;Gobi 2000 USB Device for Legacy Serial Communication(1199-9001);c:\windows\system32\DRIVERS\qcusbsersra2k.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 17:27]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 17:50]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 17:50]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1878995076-3869585777-1699579189-1000Core.job
- c:\users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 12:55]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1878995076-3869585777-1699579189-1000UA.job
- c:\users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\gf9katpk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 01:08:47
ComboFix-quarantined-files.txt 2012-11-29 07:08
.
Pre-Run: 183,553,654,784 bytes free
Post-Run: 184,399,020,032 bytes free
.
- - End Of File - - 3E866E55D4B66796D8F6D663033B560D

#6 CatByte

Posted 29 November 2012 - 07:56 AM

Please do the following:

Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Your Java is out of date.
Java™ 7 Update 7 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.



#7 creekdipper

Posted 01 December 2012 - 02:41 PM

Hey CatByte, the ESET Online Scanner said it didn't find anything wrong...


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Natalie :: NATALIE-PC [administrator]

11/30/2012 7:31:20 PM
mbam-log-2012-11-30 (19-31-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208768
Time elapsed: 20 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 CatByte

Posted 01 December 2012 - 03:10 PM

How is the computer running now?

Are there any outstanding issues?



#9 creekdipper

Posted 01 December 2012 - 03:27 PM

It's running great!! I opened Firefox, and there's no sign of the mystart incredibar. Thank you so much!!!

#10 CatByte

Posted 01 December 2012 - 03:29 PM

OK.

Let's move on to the second computer.

Start with DDS and the tools I asked for in post 2:

http://www.bleepingcomputer.com/forums/topic476378.html/page__view__findpost__p__2905009

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



#11 creekdipper

Posted 01 December 2012 - 08:58 PM

Hey CatByte, ok here is the other computer.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Nat at 19:47:48 on 2012-12-01
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\DfSdkS64.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Garmin\Training Center\gStart.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\Freecorder 5\FLVSrvc.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\BTGUARD\uTorrent.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveSecurity.exe
C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CatcherBHO Class: {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe
uRun: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [GoogleChromeAutoLaunch_D3EAF3313CCDBBCB394649027035FD8D] "C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [UIWatcher] C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
uRun: [GoogleChromeAutoLaunch_8BE40564AC383C2899573C16E7E24611] "C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --no-startup-window
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder 5\FLVSrvc.exe" /run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\2375942554939373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\34963736F67453233353 : DHCPNameServer = 192.168.1.1 192.168.2.254
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\46962747E696E6A616374716E6D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\84F6C69646169794E6E654870727563737F5230323 : DHCPNameServer = 4.2.2.2 4.2.2.1
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\A43555027596649643 : DHCPNameServer = 10.100.100.1 209.55.5.10 209.55.5.11
TCP: Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: igfxcui - <no file>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
x64-DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_64.CAB
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6PQlgadVjN&i=26
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQlgadVjN&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 77b0fcad00000000000000238b7cfdf5
FF - user.js: extensions.incredibar_i.hardId - 77b0fcad00000000000000238b7cfdf5
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:53:56
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQlgadVjN
FF - user.js: extensions.incredibar_i.upn2n - 92542196236088359
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSHA;AVGIDSHA
R? Avgrkx64;AVG Anti-Rootkit Driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? esgiguard;esgiguard
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? massfilter;Mass Storage Filter Driver
R? MEMSWEEP2;MEMSWEEP2
R? NWUSBCDFIL64;Novatel Wireless Installation CD
R? NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN)
R? NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN)
R? NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN)
R? prwntdrv;prwntdrv
R? SBSDWSCService;SBSD Security Center Service
R? SkypeUpdate;Skype Updater
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? ZTEusbgps;ZTE GPS Port
R? ZTEusbnmeaext;ZTE NMEAExt Port
S? a2acc;a2acc
S? a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? a2injectiondriver;a2injectiondriver
S? a2util;a-squared Malware-IDS utility driver
S? AESTFilters;Andrea ST Filters Service
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? avgwd;AVG WatchDog
S? DfSdkS;Defragmentation-Service
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? enecir;ENE CIR Receiver
S? hpsrv;HP Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McciCMService64;McciCMService64
S? MotoHelper;MotoHelper Service
S? NAUpdate;Nero Update
S? NWVZHelper;Novatel Wireless Verizon Device Helper
S? RTL8167;Realtek 8167 NT Driver
S? WDBackup;WD Backup
S? WDC_SAM;WD SCSI Pass Thru driver
S? WDDriveService;WD Drive Manager
S? WDRulesService;WD Rules
S? WRkrn;WRkrn
.
=============== Created Last 30 ================
.
2012-12-02 01:49:38 -------- d-----w- C:\Users\Nat\AppData\Local\Western_Digital
2012-12-02 01:44:57 -------- d-----w- C:\Program Files\Western Digital
2012-12-02 01:43:23 -------- d-----w- C:\Program Files (x86)\Western Digital
2012-12-02 01:43:23 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2012-12-02 01:42:25 -------- d-----w- C:\ProgramData\Western Digital
2012-11-29 06:06:34 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-28 04:33:51 -------- d-----w- C:\Users\Nat\AppData\Roaming\TuneUp Software
2012-11-28 04:28:54 -------- d-----w- C:\ProgramData\TuneUp Software
2012-11-28 04:27:05 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-11-28 04:19:44 -------- d-----w- C:\Users\Nat\AppData\Local\Evernote
2012-11-28 04:17:13 -------- d-----w- C:\Program Files (x86)\Evernote
2012-11-28 03:20:24 -------- d-----w- C:\Program Files (x86)\EMCO
2012-11-26 01:10:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-26 01:09:38 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-11-26 01:09:38 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-11-26 01:09:37 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-11-26 01:09:36 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-11-24 07:08:23 -------- d-----w- C:\Users\Nat\Jaikoz
2012-11-24 06:48:11 -------- d-----w- C:\Program Files (x86)\Unlocker
2012-11-16 09:20:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 09:20:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 09:20:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 09:20:06 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 09:03:22 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 09:03:21 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 09:03:21 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 09:03:21 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 09:03:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 09:03:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 09:03:14 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 05:02:23 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-16 05:02:23 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 18:29:19 -------- d-----w- C:\Program Files\Motorola Inc
2012-11-13 18:29:18 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-11-13 18:28:44 -------- d-----w- C:\Program Files (x86)\Motorola
2012-11-12 05:59:18 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 17:54:53 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-11-11 17:47:54 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-11-11 17:47:54 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-11-11 17:47:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-11 17:47:47 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-11 17:47:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-11-11 17:47:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-11-11 17:45:59 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-11-11 17:45:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-11-11 17:45:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-11-11 17:45:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-11-11 17:45:58 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-11-11 17:45:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-09 04:56:35 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-09 04:56:35 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-09 04:55:28 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-09 04:55:28 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 19:55:52.34 ===============


#12 CatByte

Posted 01 December 2012 - 09:01 PM

ok good, thanks

please download and run the tools from this post

http://www.bleepingcomputer.com/forums/topic476378.html/page__view__findpost__p__2905009

post all the logs

thanks


#13 creekdipper

Posted 01 December 2012 - 11:21 PM

Hey CatByte, here are the logs. I can't seem to find the location of the adwcleaner file, so I will run it again and then post it when my computer reboots.

Here is the OTL.txt File:
OTL logfile created on: 12/1/2012 9:28:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nat\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.61% Memory free
7.81 Gb Paging File | 4.63 Gb Available in Paging File | 59.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 40.39 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive E: | 1.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NAT-PC | User Name: Nat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 07:43:14 | 001,275,496 | ---- | M] (Google Inc.) -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe
PRC - [2012/11/25 19:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nat\Downloads\OTL.exe
PRC - [2012/10/26 15:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/09/06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012/03/23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2012/02/23 10:17:02 | 003,046,224 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 08:05:26 | 002,535,808 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
PRC - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/03/24 01:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder 5\FLVSrvc.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\Training Center\gStart.exe
PRC - [2007/06/27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/01 07:43:12 | 000,460,904 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\25.0.1346.0\ppgooglenaclpluginchrome.dll
MOD - [2012/12/01 07:43:10 | 004,055,656 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\25.0.1346.0\pdf.dll
MOD - [2012/12/01 07:42:25 | 000,596,584 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\25.0.1346.0\libglesv2.dll
MOD - [2012/12/01 07:42:25 | 000,124,520 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\25.0.1346.0\libegl.dll
MOD - [2012/12/01 07:42:23 | 001,553,000 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\25.0.1346.0\ffmpegsumo.dll
MOD - [2012/11/27 21:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/27 21:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/27 21:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/27 21:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/27 21:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/27 21:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/27 21:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/27 21:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/07/16 17:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012/11/25 19:09:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/02/23 10:17:02 | 003,046,224 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/27 21:07:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/06/14 11:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/13 12:16:32 | 000,548,704 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\DfSdkS64.exe -- (DfSdkS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/22 22:23:03 | 000,111,592 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1D4A.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 20:02:58 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 18:39:00 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\prwntdrv.sys -- (prwntdrv)
DRV:64bit: - [2010/07/16 17:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 17:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/07/08 10:52:32 | 000,256,512 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV:64bit: - [2010/07/08 10:52:32 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/15 11:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2008/04/15 11:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV:64bit: - [2008/04/15 11:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2008/04/15 11:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/04/15 11:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV:64bit: - [2008/04/15 11:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007/09/06 14:53:12 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2007/04/25 12:50:04 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV - [2011/11/02 10:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2011/01/27 05:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/08/25 18:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\prwntdrv.sys -- (prwntdrv)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 48 CE 46 5B B0 CB 01 [binary data]
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{93E7BB98-243A-4B02-9E2F-231E7E215423}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{CCA96D11-104D-43E9-A579-EFAD8E911EA0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\SearchScopes\{E42BE6D4-2E95-E1CA-6A65-D0D081FEEEB1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: john@velvetcache.org:1.3.7
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: weatherwatcherlive@singerscreations.com:1.0.17
FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9
FF - prefs.js..extensions.enabledAddons: youtubedownloader@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledAddons: ytvdw@pgport.com:1.1.4
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: {42975993-6fa0-46f5-a45f-706915f18ebf}:1.1
FF - prefs.js..extensions.enabledAddons: {7edcdfc0-3056-11e0-91fa-0800200c9a66}:0.1
FF - prefs.js..extensions.enabledAddons: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.8
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: DesktopWatcher@Bonktown.com:1.8.4
FF - prefs.js..extensions.enabledAddons: {36f56fe4-2739-371f-774b-70121b5d5f2e}:1.8.4
FF - prefs.js..extensions.enabledAddons: {fa038e8f-d1d1-11db-9705-005056c00008}:1.8.4
FF - prefs.js..extensions.enabledAddons: status4evar@caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:6.3
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.2.0
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {fa038e8f-d1d1-11db-9705-005056c00008}:1.8.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: DesktopWatcher@Bonktown.com:1.8.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.4
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nat\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nat\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/24 22:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/25 19:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/11 12:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/11 12:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/09/05 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Extensions
[2011/01/10 21:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/05 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/02/13 20:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/12/01 20:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions
[2012/11/24 22:45:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/26 16:46:56 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/06/04 05:26:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/02 04:21:02 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/08/30 23:14:06 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2012/08/30 23:14:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/30 23:13:58 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\ALone-live@ya.ru
[2012/11/24 22:45:06 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\foxmarks@kei.com
[2011/03/12 22:52:33 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\personas@christopher.beard
[2012/03/08 21:38:00 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\piclens@cooliris.com
[2012/11/24 22:44:30 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\amznUWL2@amazon.com.xpi
[2012/11/24 22:44:43 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\autopager@mozilla.org.xpi
[2012/04/04 08:46:06 | 000,117,199 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\DesktopWatcher@Bonktown.com.xpi
[2011/09/24 07:03:13 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\john@velvetcache.org.xpi
[2011/11/03 16:13:55 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\next@scribefire.com.xpi
[2012/11/24 22:01:48 | 000,371,729 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\smarterwiki@wikiatic.com.xpi
[2012/08/30 23:13:58 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\status4evar@caligonstudios.com.xpi
[2011/05/10 21:07:19 | 000,758,641 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\weatherwatcherlive@singerscreations.com.xpi
[2011/05/10 21:07:19 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\yesscript@userstyles.org.xpi
[2012/11/24 22:45:11 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/11/24 22:01:47 | 000,317,623 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/04/04 08:46:08 | 000,170,990 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{36f56fe4-2739-371f-774b-70121b5d5f2e}.xpi
[2011/06/10 03:15:06 | 000,009,833 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi
[2012/11/24 22:45:16 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/09/24 07:03:15 | 000,001,229 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi
[2011/09/05 18:45:18 | 000,456,652 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2012/11/24 22:01:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/01 21:17:00 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/08/30 23:14:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/04/04 08:46:17 | 000,076,074 | ---- | M] () (No name found) -- C:\Users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\rkfmn6ab.default\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}.xpi
[2012/11/25 19:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
File not found (No name found) -- C:\USERS\NAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RKFMN6AB.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM
[2012/11/25 19:09:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 15:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/11/25 19:09:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/25 19:09:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nat\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Craigslist Notification = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj\1.1.0.52_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: craigslist pop. = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja\2.57_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: TooManyTabs for Chrome = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.4_0\
CHR - Extension: PriceBlink = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.5_0\
CHR - Extension: Best Shopping Apps = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apogpjodnepfjkmkbaabajfpmabeggog\1.0.0.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.17_0\
CHR - Extension: SocialReviver = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald\3.15_0\
CHR - Extension: YouTube = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Minimalist for Everything [Beta] = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.5.20_0\
CHR - Extension: eBay Web App = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: Google Search = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GAIN Fitness = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc\1.0.0_0\
CHR - Extension: Tareem Extender = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcgpjemdlhkehjpibldielpoodpjgjc\5.0.0_0\
CHR - Extension: Gmelius - Ad Remover and Better UI for Gmail\u2122 = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.6.3_1\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_1\
CHR - Extension: Session Buddy = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Facebook Background Changer = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnlfbokmiehpnhgdjlmedakkchfldmj\4.0.12_0\
CHR - Extension: PanicButton = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: YoWindow Weather = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.41_0\
CHR - Extension: Pin anything, anywhere. Just press the button and an overlay window will appear. = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\6.3_0\
CHR - Extension: The Best Price = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdgboikkhiolindpecadnmnnnpnncdb\2.2.0.12_0\
CHR - Extension: Full Screen Weather = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Tab Menu = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\galfofdpepkcahkfobimileafiobdplb\7_0\
CHR - Extension: Scribble Maps = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhoiddbgfhccnhnafghphdmlaofgeh\1.0.0.0_0\
CHR - Extension: my6sense for Twitter = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfapcdmihoaonadamgijbcocmpofkkjo\1.0.8_0\
CHR - Extension: AdBlock = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\
CHR - Extension: Twitter + Facebook Like = \u2665 = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmggjapajigokddabdmhafkdhmbninen\1.0_0\
CHR - Extension: TweetDeck = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.1.2_0\
CHR - Extension: AppJump App Launcher and Organizer = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd\0.9.2_0\
CHR - Extension: LastPass = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: LeftLane Sports = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hheadllghpjfopofhidldnjmjocmlcld\1.1_0\
CHR - Extension: Tweet Button for Chrome (by Shareaholic) = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\homldgnlpldcmdflhnabedgkgpmeanhd\2.1.0_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_0\
CHR - Extension: wikiHow Survival Kit = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Valuid - Free ads = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifgmhhkblhlclhfmbhgagloflnkekmkd\1.30_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Forecastfox = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Power Twitter for Google Chrome\u2122 = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieehhjfejnoljbnnhfnhibcjhmifffo\1.80_0\
CHR - Extension: 60 Minutes = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj\0.60_0\
CHR - Extension: Up = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohgglcbddjknnemakghbjadinmopafl\1.4_0\
CHR - Extension: Lose It! = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
CHR - Extension: Disconnect = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: Yoono - Twitter, Facebook, LinkedIn, YouTube\u2122 = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\0.2.7.17_0\
CHR - Extension: BBC Good Food = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: Evernote Web = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: PigeonMap Classifieds = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaehnnhfbbfbfglhjhnppacekmgcjbd\1.1_0\
CHR - Extension: Open Tweet Streamer = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbehinjacalkpaiadenmalofkdnppne\0.6.0_0\
CHR - Extension: Google Maps = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_0\
CHR - Extension: Illimitux = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: Session Manager = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
CHR - Extension: Mint = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg\1.5_0\
CHR - Extension: Weather Watcher Live = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\migekhbneabjkfadmgpimohcoclbbcfp\1.0.15_0\
CHR - Extension: Ghostery = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: AutoPager Chrome = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\
CHR - Extension: Time Tracker = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokmnbikneoaenmckfmgjgjimphfojkd\1.0.9_0\
CHR - Extension: AVG Do Not Track = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google bookmarks = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfieeekinhmpmgnonkgbmklfdheojoni\3.2.0_0\
CHR - Extension: Facebook Notifications = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: ezLinkPreview = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkcfbiefgdaceeplickkkmifpicbpcc\5.21_0\
CHR - Extension: Iconized Bookmarks Popup = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgonnihpamikjkfckpolamefpniicak\1.8.3_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: WealthLift Learn = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhcopaaicojnaejmcoanddoeekodemk\1.1.0.0_0\
CHR - Extension: GearSnyper = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegcjplimfhhpfmeinibngbldedckjc\1.3.1_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Weather Underground = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Learn Spanish - Qu\u00E9 Onda Spanish = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1_0\
CHR - Extension: Economist Radio = C:\Users\Nat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokaljfafjmhnoofahjignaelkgahpml\1.81_0\

O1 HOSTS File: ([2012/11/29 00:04:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder 5\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [GoogleChromeAutoLaunch_8BE40564AC383C2899573C16E7E24611] C:\Users\Nat\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe ()
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000..\Run: [UIWatcher] C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
O4 - Startup: C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_64.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8115262A-6667-483C-8DAB-2CCE60DE607E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 21:34:38 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\Fixing My Computer
[2012/12/01 20:00:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/01 19:59:39 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/01 19:49:38 | 000,000,000 | ---D | C] -- C:\Users\Nat\AppData\Local\Western_Digital
[2012/12/01 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2012/12/01 19:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/12/01 19:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2012/12/01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2012/12/01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2012/12/01 19:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2012/11/29 00:11:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/29 00:06:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\RESUME
[2012/11/28 23:48:00 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\nsara don't post these
[2012/11/28 23:30:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Nat\AppData\Roaming\TuneUp Software
[2012/11/27 22:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/11/27 22:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/11/27 22:19:44 | 000,000,000 | ---D | C] -- C:\Users\Nat\AppData\Local\Evernote
[2012/11/27 22:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/11/27 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2012/11/27 21:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2012/11/25 21:02:48 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\NSARA Oct-Nov 2012
[2012/11/25 19:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/25 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/24 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\Nat\Jaikoz
[2012/11/24 00:48:12 | 000,000,000 | ---D | C] -- C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/11/24 00:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/11/24 00:43:49 | 000,883,200 | ---- | C] (File Encryption Software) -- C:\Users\Nat\Desktop\fencryption.exe
[2012/11/21 01:26:44 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\NSARA Academy 1201- Best Images
[2012/11/21 00:22:22 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\GoPRO
[2012/11/19 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nat\Desktop\100GOPRO
[2012/11/13 12:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/11/13 12:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2012/11/13 12:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/11/13 12:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/11/11 12:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/11 12:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nat\Desktop\*.tmp files -> C:\Users\Nat\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/01 21:14:16 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 21:14:15 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 21:05:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 21:04:23 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/01 21:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 21:03:50 | 3145,101,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/01 20:57:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3458641694-2502764532-1117732830-1000UA.job
[2012/12/01 19:56:24 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/01 19:56:24 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/01 19:56:24 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/01 19:45:58 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2012/12/01 19:44:11 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
[2012/12/01 18:45:41 | 101,738,057 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/30 22:02:49 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3458641694-2502764532-1117732830-1000Core.job
[2012/11/29 00:04:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/27 22:29:53 | 000,001,131 | ---- | M] () -- C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/11/27 22:16:38 | 000,000,936 | ---- | M] () -- C:\Users\Nat\Desktop\Evernote.lnk
[2012/11/27 21:21:57 | 000,001,200 | ---- | M] () -- C:\Users\Nat\Desktop\EMCO UnLock IT.lnk
[2012/11/25 21:53:49 | 000,049,875 | ---- | M] () -- C:\Users\Nat\Desktop\tumblr_m6lw4sPgax1rvqa42o1_500.jpg
[2012/11/25 17:37:44 | 000,036,827 | ---- | M] () -- C:\Users\Nat\Desktop\15977_466367320096012_513948613_n.jpg
[2012/11/24 00:48:21 | 000,001,172 | ---- | M] () -- C:\Users\Nat\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/11/19 18:37:45 | 000,188,294 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/16 03:48:51 | 000,435,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 11:02:57 | 498,579,939 | ---- | M] () -- C:\Users\Nat\Desktop\Bryan Ferry - Olympia Remixes (2011) - mp3 256kbps.rar
[2012/11/09 00:23:50 | 005,686,307 | ---- | M] () -- C:\Users\Nat\Desktop\DSCN0895.JPG
[2012/11/09 00:04:36 | 006,226,750 | ---- | M] () -- C:\Users\Nat\Desktop\DSCN0884.JPG
[2012/11/09 00:04:32 | 006,145,253 | ---- | M] () -- C:\Users\Nat\Desktop\DSCN0883.JPG
[2012/11/08 13:55:52 | 006,239,829 | ---- | M] () -- C:\Users\Nat\Desktop\DSCN0873.JPG
[2012/11/08 13:45:08 | 006,139,498 | ---- | M] () -- C:\Users\Nat\Desktop\DSCN0867.JPG
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nat\Desktop\*.tmp files -> C:\Users\Nat\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/01 19:45:58 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2012/12/01 19:44:11 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2012/11/29 00:06:26 | 006,239,829 | ---- | C] () -- C:\Users\Nat\Desktop\DSCN0873.JPG
[2012/11/29 00:06:26 | 006,139,498 | ---- | C] () -- C:\Users\Nat\Desktop\DSCN0867.JPG
[2012/11/29 00:06:26 | 000,036,827 | ---- | C] () -- C:\Users\Nat\Desktop\15977_466367320096012_513948613_n.jpg
[2012/11/27 22:29:52 | 000,001,131 | ---- | C] () -- C:\Users\Nat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/11/27 22:16:38 | 000,000,936 | ---- | C] () -- C:\Users\Nat\Desktop\Evernote.lnk
[2012/11/27 21:21:57 | 000,001,200 | ---- | C] () -- C:\Users\Nat\Desktop\EMCO UnLock IT.lnk
[2012/11/25 21:53:46 | 000,049,875 | ---- | C] () -- C:\Users\Nat\Desktop\tumblr_m6lw4sPgax1rvqa42o1_500.jpg
[2012/11/24 00:48:21 | 000,001,172 | ---- | C] () -- C:\Users\Nat\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/11/21 01:21:07 | 006,226,750 | ---- | C] () -- C:\Users\Nat\Desktop\DSCN0884.JPG
[2012/11/21 01:21:07 | 006,145,253 | ---- | C] () -- C:\Users\Nat\Desktop\DSCN0883.JPG
[2012/11/21 01:21:07 | 005,686,307 | ---- | C] () -- C:\Users\Nat\Desktop\DSCN0895.JPG
[2012/11/21 01:21:07 | 001,557,223 | ---- | C] () -- C:\Users\Nat\Desktop\2012-05-28_21-59-08_940.jpg
[2012/11/21 01:21:07 | 000,848,269 | ---- | C] () -- C:\Users\Nat\Desktop\2012-09-24_22-37-45_640.jpg
[2012/11/16 03:20:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 03:03:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/08/18 08:50:00 | 000,001,490 | ---- | C] () -- C:\Users\Nat\.recently-used.xbel
[2012/07/13 19:08:41 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/06/29 10:19:07 | 000,098,696 | ---- | C] () -- C:\Windows\SysWow64\setupprwdrv03.exe
[2012/06/29 10:19:07 | 000,013,704 | ---- | C] () -- C:\Windows\SysWow64\prwntdrv.sys
[2012/05/24 22:04:58 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012/05/13 11:55:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bundle
[2012/05/13 11:55:59 | 000,000,268 | RH-- | C] () -- C:\Users\Nat\AppData\Roaming\Booms
[2012/05/13 11:55:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/05/13 11:55:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\ColorSync
[2012/05/13 11:54:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\CIOSupport
[2012/05/13 11:54:52 | 000,000,268 | RH-- | C] () -- C:\Users\Nat\AppData\Roaming\Breath Pad
[2012/05/13 11:54:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/05/13 11:54:52 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Colors
[2012/05/13 11:54:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bubble Noise
[2012/05/13 11:54:51 | 000,000,268 | RH-- | C] () -- C:\Users\Nat\AppData\Roaming\BookService
[2012/05/13 11:54:51 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Clips
[2012/05/13 11:54:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/04/19 01:44:09 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/19 01:44:09 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/29 21:32:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/29 21:32:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/29 21:32:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/29 21:32:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 21:32:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/25 20:19:03 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2011/10/12 21:22:04 | 000,001,708 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/11 16:10:39 | 000,028,622 | ---- | C] () -- C:\Windows\SysWow64\w3iod.dll
[2011/07/12 23:41:11 | 000,746,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/29 20:10:29 | 000,197,316 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/31 21:02:21 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\dtirc.dll
[2011/03/06 20:38:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/03/06 20:07:10 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/06 20:07:10 | 000,017,772 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/10 21:00:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/12 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\AVG10
[2012/07/21 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\AVG2012
[2012/05/06 00:05:53 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\CrashPlan
[2012/08/06 22:47:19 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\DAEMON Tools Lite
[2012/08/18 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\dBpoweramp
[2012/05/05 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Dekart
[2011/09/24 01:55:04 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Digiarty
[2012/05/24 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\DonationCoder
[2011/09/24 02:25:00 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\EasyBurner
[2012/11/27 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\EMCO
[2011/02/13 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Flickr
[2012/07/19 23:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\GARMIN
[2012/08/12 15:30:26 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\gtk-2.0
[2011/10/23 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\ImgBurn
[2011/10/22 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\J River
[2012/09/24 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\KeePass
[2012/05/24 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Moyea
[2011/09/21 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\MusicBrainz
[2012/07/13 19:07:27 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Nikon
[2011/05/30 17:49:55 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Nullsoft
[2012/04/29 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\OpenOffice.org
[2011/07/14 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Opera
[2012/09/24 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Recordpad
[2011/09/05 17:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\rinsebyreal
[2011/02/05 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Smith Micro
[2011/10/02 18:38:11 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Songbird2
[2012/01/28 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Spotify
[2011/01/10 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\Thunderbird
[2012/11/27 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\TuneUp Software
[2012/11/30 21:35:05 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\TuneUpMedia
[2012/11/25 23:22:59 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\uTorrent
[2011/04/24 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\Nat\AppData\Roaming\wootalyzer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

< MD5 for: SERVICES.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK3252GSX ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 286.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 306679119872
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Here is the Extras.txt File:
OTL Extras logfile created on: 12/1/2012 9:28:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nat\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.61% Memory free
7.81 Gb Paging File | 4.63 Gb Available in Paging File | 59.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 40.39 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive E: | 1.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NAT-PC | User Name: Nat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0432618D-7EB8-408D-82A5-0A2A20F319DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11A18E5A-4F28-4595-83E5-0EE39895C18E}" = rport=138 | protocol=17 | dir=out | app=system |
"{123369F7-5278-4340-9593-BD8E7FED252E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B4AD3D1-5C11-4FC0-BCD0-01F02FC750E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33391D95-CD55-47BF-B734-526E914EBB5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{4440E12B-BB8E-4AFE-857B-DDD4FADEF876}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4DCE5417-A311-49E8-9085-72A61CE937E3}" = lport=1688 | protocol=6 | dir=in | name=kms emulator |
"{63B1DE35-7DCF-4C4B-9C36-E51E9AAB547F}" = rport=445 | protocol=6 | dir=out | app=system |
"{70C6D4F3-E937-42C8-A80A-A8510F71098B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C30F74B-D31D-4F34-82B3-40276D22AD3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92F3362E-0AA1-4CF4-9217-D27DF5099841}" = rport=10243 | protocol=6 | dir=out | app=system |
"{976805D2-F979-48E3-A4DB-C491F511F9FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5681B28-ABA4-4A95-A667-E906B63CAAAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B88157-6007-4812-9C44-43D20D0E9136}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE4B2573-B8A6-4310-B2AE-D31B5AF79AE6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B296960D-3BB2-45DF-860E-783C93E9759A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B918AAEB-D9C2-4AC7-B257-F6F7C7154C9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2682822-29CB-49E0-8FE9-DECDB405477E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C91F4BB1-A097-4FF5-950B-1C80FE9415DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB979D5A-0659-4EF8-B7B0-86130EACCD37}" = lport=139 | protocol=6 | dir=in | app=system |
"{D359D9FF-4A2F-4E00-99A2-4C7B5CC11DDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D92A8D49-DD21-4460-B855-093121DCB8C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1E98C21-B99D-4FC6-8611-864C31729D54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F33CB0A6-DA7A-422B-A486-E2CBC1F2E61F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D95AFD-E3B5-4A1E-9BCE-FFBEC8A2C91D}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero vision\nerovision.exe |
"{0419DCF2-A1F2-4D38-BF24-C4F6D3B14712}" = protocol=6 | dir=out | app=system |
"{07A8FD17-C9A1-4C0C-A493-39A11B222EA9}" = protocol=6 | dir=in | app=c:\btguard\utorrent.exe |
"{1429F7E3-B1C6-4113-B117-B3B91725C21A}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero mobile\setupneromobile.exe |
"{15558675-1768-492A-A67F-1664B281CCD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18A13795-CEBE-4671-89C3-13AAA56E76B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{243BA657-03D7-4C7C-B0EC-5F176021EA6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25BB5928-73AF-41A2-B16B-BACFCA60C5F5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27420D8C-70A3-4AF4-853D-7DE5D7D2E99F}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero backitup\nbkeyscan.exe |
"{2A375C36-D9CC-4D8E-99F6-276C4D04B8EC}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{2CBA1E83-35FB-44CC-A2F3-DE759540AF62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CD2BC9D-6424-4BEA-9BDC-2DB41E90039A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D0E0848-19CA-4FC3-AC7A-5D3E4DF0831B}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\nmdllhost.exe |
"{2DEDCA9E-E1E3-427F-983F-475A10CB6AED}" = dir=out | app=%programfiles% (x86)\nero\nero 7\core\nero.exe |
"{324381D9-051C-4CBC-83E4-1C1A4BBD982E}" = protocol=17 | dir=in | app=c:\btguard\utorrent.exe |
"{34C51071-6646-419F-BB96-52A9F4F5D150}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{389E07AD-2C90-4E34-A7F5-1E41BE2FBEE2}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero toolkit\infotool.exe |
"{3A871CE7-3917-447F-B8EE-DF981885D05A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3AFA360B-C894-4F6A-ACBA-68AFFFB33831}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{3BCDF3C3-64C1-4F82-A794-AA753E7940DC}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero recode\recode.exe |
"{3E409C34-1C4F-4CC9-8012-E84B3E5F1E22}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero controlcenter\ncc.exe |
"{42385322-EE20-45C4-8EFE-E1F0C34CD0B5}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{44C0D211-AE53-4151-A4CA-850FD111F8E5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{461EF55D-2648-4BD4-9067-9B1C4173B052}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero home\nerohome.exe |
"{496CD72B-B1A1-4D52-A9AC-A3800DDAFAB9}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burnrights\neroburnrights.exe |
"{4B119F29-2A1F-4889-9B71-C123D3F367A2}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero photosnap\photosnap.exe |
"{4EDB1947-5B66-461D-BC44-F79E9FBD353B}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero backitup\backitup.exe |
"{4F9225CB-95E3-4C16-8809-632967963AF0}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero backitup\nbservice.exe |
"{54DFBFA3-2D24-4C11-9F6F-31C217FC3844}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{5544C73C-BD68-423C-86AF-DFE63F99F671}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero toolkit\drivespeed.exe |
"{58355658-C4C4-4DA5-88AA-F5B91AF1F79C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CBE72A7-6AB3-45B5-89E2-D2D25B25D2C9}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\nero.exe |
"{60BFF9A0-F439-478F-BEEC-451B1EA2B9AF}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero waveeditor\dxenum.exe |
"{618A3BE7-64FF-44F5-986A-74E7C2882F44}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero toolkit\neroburnrights.exe |
"{638A0712-C2F4-4417-9C7C-73403DF9E1C5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6475946B-ED47-4C0B-A1D7-2F5C8BEB7D6A}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero mediahome\neromediahome.exe |
"{68295FF2-47D8-4931-B2CE-B4FBE88E01DD}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero mobile\neromobilead.exe |
"{78E85668-9233-42BB-9B40-31DA108E660E}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero backitup\nbsftp.exe |
"{797CE813-E398-4CB2-B72B-ACB76628AE9E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7AF57005-7124-4C7B-8CDD-5B48852952A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7ED94245-07A4-4435-A5A8-C07514A82D63}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{88504EFA-D869-4F99-AE65-89EAF9BE5B99}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89D17012-F228-41C0-B591-524D1A0B7F95}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\securdisc\nerosecurdiscviewer.exe |
"{8B65D35F-3CF9-45B9-A513-5A8C239815B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EA427A6-EAD5-4E10-BD80-6B7C0C94A829}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\nerodiscmerge.exe |
"{913FDFC0-26A7-4FCC-882C-9C265A57F8D3}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{9B9DEDB4-6BB7-4513-B367-8E826EAF8509}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9EDDF7E0-BD58-45C0-AEA3-3B39E5E3ACA5}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero mediahome\nmmediaserver.exe |
"{9F0FBE4E-7B06-47D9-962D-78A7732FF5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A2709786-8E3E-4BAD-B019-E512B1D192B2}" = dir=out | app=%programfiles% (x86)\nero\nero 7\core\nerocmd.exe |
"{A67EE5C0-FB5A-4E71-8829-E6821ECDB498}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A96762A8-4E86-4359-9D29-267040C8B189}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AC215AB7-7B21-4BB4-9364-DB4A27C24517}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\nerodiscmergewrongdisc.exe |
"{B1FBB3E0-2D04-4A0F-B114-9AA84C823BE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B71BD8C2-0893-494D-9DBE-0E8EE6208307}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9980F05-4269-4A2C-9B59-E7C08B17D14C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C186221E-3EF8-4FCC-9526-3D8FC49CE81D}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero photosnap\photosnapviewer.exe |
"{C809FBE3-1A52-46CF-AA0E-D06A3D594A18}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero toolkit\cdspeed.exe |
"{C8D56C78-7830-452F-B8EA-80EF307A22B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D07383B4-3888-4AF1-933E-8DDC8430163D}" = dir=out | app=%programfiles% (x86)\nero\nero 7\core\nedwfilehelper.exe |
"{D3307289-9441-4508-BB27-BCF86A01574D}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero coverdesigner\coverdes.exe |
"{DB75C348-57AF-4B24-B579-FE4C079B2071}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCDEA1E7-08B5-4AF8-BBD4-92405AF506CD}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero controlcenter\ncchelper.exe |
"{DE3FADCB-40CD-4CBF-874C-8F7332B1D5C7}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero soundtrax\soundtrax.exe |
"{E12D921A-8A8C-4B01-95E2-C2248044B7FD}" = protocol=58 | dir=in | app=system |
"{E22107B0-0D81-47EC-B985-6B36D10C7CF4}" = dir=out | app=%programfiles% (x86)\nero\nero 7\core\securdisc\discinfo.exe |
"{E2F6CAA2-15B4-4F71-9B6C-8BB859CE9254}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E31ED584-519F-40C4-A9F5-FD0ACEB9FF4E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E37B3239-CA1B-4FAF-9682-2AEC01E7D66D}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero\uninstall\unnero.exe |
"{E4B814C5-8859-4F5F-80A5-7DD5DA5D6F68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E4D9784E-B0B4-4C5D-A473-0FF265283C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E52DDF3B-720F-4F8D-82D9-75E0341277D6}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero showtime\showtime.exe |
"{EAA09D28-C286-443B-B290-F49D67CA9278}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero waveeditor\waveedit.exe |
"{EB985C95-FF5D-4D3D-B064-56DF4ADC61D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC18EA29-12C2-4B91-A6F7-F8F0E1D246EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFFED6B8-3A6B-4DFD-87DB-D780BFDFB973}" = dir=out | app=%programfiles% (x86)\nero\nero 10\nero burning rom\neroaudiorip.exe |
"{F5356018-3BC8-469F-9D5B-6BAA7677E377}" = dir=out | app=%programfiles% (x86)\nero\nero 7\nero startsmart\nerostartsmart.exe |
"{F5944AD4-D207-4052-AA31-7EB242824125}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{FF1268AE-4256-423C-AAB8-6BD84431C8CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{625A2BDB-2839-4E60-BC61-91ACF545DC73}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{A9CB3CFE-D4AC-475F-8F7C-2A25586465DC}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"UDP Query User{A91BD5EC-83DC-446E-B7E0-D6287E04854F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{E1872C5B-F757-40E3-AFD9-BBEC470169A3}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{26A49C2B-B623-4AE8-8192-5225D9F184D2}" = AVG 2012
"{4533D25D-D179-442D-BC2A-F24898B811BF}" = EMCO MoveOnBoot 2.3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{581F6FB0-46E6-42DA-98CC-ABB001386520}" = Motorola Mobile Drivers Installation 5.1.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"8D434570B215F4E7650A004193A770DC9BD6DB58" = Windows Driver Package - Dekart (DEKART38) SmartCardReader (08/08/2011 1.1.6.1)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PeerGuardian_is1" = PeerGuardian 2.0
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1CCBC9C3-25C9-46DB-9F78-3B950E0E87BD}" = SIM Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23586840-E892-42BD-A39D-49EEE95442AA}" = Garmin BaseCamp
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C16BD93-892E-4560-AA22-723F874CB8BA}" = Update Service
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{49A69C82-728C-ECEE-0BCF-0636A2778081}" = Rinse
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6304587B-3C05-4031-A8E7-7938CB9162E7}_is1" = meta-iPod, the iTunes Cleaner 1.8
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{77E325CA-C44F-48CD-8BBD-7910737BA258}" = Garmin TOPO U.S. 24K Southeast v2
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.WORD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.WORD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{97D00C99-DF3C-4357-A212-B821308E1B1E}_is1" = Google Calendar duplicate deletor version 2.0
"{97E265BF-9250-41FB-B64A-FC50975AF1EC}" = ZTE USB Drivers
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAC2CF93-B532-4A88-81FE-110750C3E4BA}" = Verizon Wireless USB760 Firmware Updates
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8E3C768-71F3-11E1-9DF7-70804824019B}" = Snagit 11
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD0F8123-9035-44B0-B331-2596979E74ED}_is1" = Book Collector
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4 v.4.20
"ATT-PRT22" = ATT-PRT22
"Audacity_is1" = Audacity 1.2.6
"Card Data Recovery" = Card Data Recovery
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EMCO UnLock IT 3_is1" = EMCO UnLock IT 3.0
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"FeedDemon_is1" = FeedDemon
"FileRescue Pro" = FileRescue Pro 2.6
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Freecorder 5.0" = Freecorder 5
"GetFLV Pro_is1" = GetFLV Pro 9.0.3.9
"GoldenCheetah" = Golden Cheetah
"iCall 7.1.524" = iCall
"ImgBurn" = ImgBurn
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"MusicBrainz Picard" = MusicBrainz Picard
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Office14.WORD" = Microsoft Word 2010
"Opera 11.64.1403" = Opera 11.64
"Picasa 3" = Picasa 3
"rinsebyreal" = Rinse
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"TechSmith SnagIt 11" = TechSmith SnagIt
"TuneUpMedia" = TuneUp Companion 2.4.6.4
"Unlocker" = Unlocker 1.9.1
"URLSnooper 2_is1" = URL Snooper v2.30.01
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.5 [64-Bit]
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"WinX DVD Author_is1" = WinX DVD Author 5.9
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3458641694-2502764532-1117732830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BTGuard 2.4" = BTGuard 2.4
"BTGuard 2.5" = BTGuard 2.5
"Google Chrome" = Google Chrome
"Google Chrome SxS" = Google Chrome Canary
"GoToMeeting" = GoToMeeting 4.8.0.723
"LastPass" = LastPass (uninstall only)
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in

< End of report >

Attached file: JRT.txt (7.47KB)


#14 creekdipper

Posted 01 December 2012 - 11:56 PM

Hey CatByte, Here is the AdwCleaner.txt file.

#15 CatByte

Posted 02 December 2012 - 09:08 AM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




