Solved Follow-up from past Sirefef infection-

Snazzy_C · Jun 25, 2012

OTL logfile created on: 6/25/2012 9:55:18 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 72.29% Memory free
11.90 Gb Paging File | 10.04 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 524.72 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive G: | 1.85 Gb Total Space | 1.85 Gb Free Space | 99.72% Space Free | Partition Type: FAT

Computer Name: CHRISPC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 21:54:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/02 18:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 21:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 20:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 18:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/22 01:04:38 | 001,888,256 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/29 17:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 15:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 19:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 17:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 15:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F759BB4-CEA6-4E37-A322-3BE15B49F010}
IE:64bit: - HKLM\..\SearchScopes\{2F759BB4-CEA6-4E37-A322-3BE15B49F010}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {492E4F5B-9555-4C47-B0C8-19BCA3923975}
IE - HKLM\..\SearchScopes\{492E4F5B-9555-4C47-B0C8-19BCA3923975}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\..\SearchScopes,DefaultScope = {DD3E67F0-71CD-4B18-A7F9-2154E92AB896}
IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\..\SearchScopes\{DD3E67F0-71CD-4B18-A7F9-2154E92AB896}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/21 04:27:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/20 17:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/06/25 00:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/06/25 00:10:17 | 000,084,443 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\BZ4R08EV.DEFAULT\EXTENSIONS\{2AB1B709-BA03-4361-ABF9-C50B964FF75D}.XPI
[2012/06/25 00:10:18 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\CHRIS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\BZ4R08EV.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2012/06/25 00:01:42 | 000,564,663 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\BZ4R08EV.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Easy Youtube Video Downloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem\4.1_0\

O1 HOSTS File: ([2012/06/25 21:17:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-869840263-2604391263-3299390013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BFF42A2-4CCA-441D-B52B-8AF72AF1854F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\windows\SysWow64\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 00:06:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/25 21:54:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/06/25 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/25 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/25 21:33:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 21:21:34 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/25 21:17:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/25 21:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/25 21:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/25 21:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/25 21:06:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 21:05:47 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/06/25 21:04:53 | 004,568,282 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/06/25 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2012/06/25 18:57:54 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents\Notes
[2012/06/25 15:05:11 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/06/25 00:23:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Articles
[2012/06/25 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Thunderbird
[2012/06/25 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Thunderbird
[2012/06/25 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/06/24 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Tific
[2012/06/22 09:28:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Diagnostics
[2012/06/22 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\foobar2000
[2012/06/21 19:26:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2012/06/21 08:18:45 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/06/21 08:18:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/06/21 04:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/06/21 01:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/06/20 23:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/20 21:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/20 21:21:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\School
[2012/06/20 21:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/20 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Rainmeter
[2012/06/20 21:20:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\FSU
[2012/06/20 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Car
[2012/06/20 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Books
[2012/06/20 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Billing
[2012/06/20 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\DVDFab
[2012/06/20 20:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8
[2012/06/20 20:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8
[2012/06/20 20:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/06/20 20:51:45 | 000,726,016 | ---- | C] (Igor Pavlov) -- C:\windows\SysWow64\7z.dll
[2012/06/20 20:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/06/20 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/06/20 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012/06/20 20:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/06/20 20:37:41 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/06/20 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/20 20:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/20 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc
[2012/06/20 19:51:35 | 000,000,000 | ---D | C] -- C:\windows\AutoKMS
[2012/06/20 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/20 19:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/20 19:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/06/20 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/06/20 19:39:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/20 19:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/06/20 19:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/06/20 19:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/06/20 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/06/20 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/20 19:34:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2012/06/20 19:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/20 19:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/20 19:34:20 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/06/20 19:05:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/20 18:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Toshiba Shared
[2012/06/20 18:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/20 18:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/20 18:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/20 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2012/06/20 18:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
[2012/06/20 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012/06/20 18:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Corporation
[2012/06/20 18:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/20 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/20 18:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/20 18:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup
[2012/06/20 18:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba Online Backup
[2012/06/20 18:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/06/20 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2012/06/20 18:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games
[2012/06/20 18:23:12 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2012/06/20 18:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/06/20 18:22:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2012/06/20 18:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/06/20 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/06/20 18:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
[2012/06/20 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/06/20 18:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/06/20 18:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/06/20 18:11:24 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2012/06/20 18:11:17 | 000,000,000 | ---D | C] -- C:\Intel
[2012/06/20 18:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/06/20 17:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/06/20 17:27:36 | 000,000,000 | R--D | C] -- C:\Users\Chris\Dropbox
[2012/06/20 17:26:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2012/06/20 17:26:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2012/06/20 17:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 17:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/20 17:16:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/20 17:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/20 17:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/20 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/06/20 17:15:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Paint.NET
[2012/06/20 17:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/20 17:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/20 17:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/20 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2012/06/20 17:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/20 17:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/20 17:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/20 17:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/20 17:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/20 17:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/06/20 17:10:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/20 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/20 17:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/20 17:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/06/20 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/20 17:08:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2012/06/20 17:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/06/20 17:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/20 17:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/06/20 17:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/06/20 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/06/20 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2012/06/20 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2012/06/20 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/20 17:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/20 17:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/20 17:07:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/06/20 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/06/20 17:03:10 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012/06/20 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/20 17:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/20 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2012/06/20 17:01:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/06/20 16:56:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Toshiba
[2012/06/20 16:55:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012/06/20 16:55:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2012/06/20 16:55:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\TOSHIBA
[2012/06/20 16:53:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/20 16:53:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2012/06/20 16:53:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/20 16:53:55 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/20 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2012/06/20 16:53:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2012/06/20 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2012/06/20 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinBatch
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2012/06/20 16:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2012/06/20 16:51:42 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2012/06/20 16:51:42 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/20 16:51:42 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2012/06/20 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2012/06/20 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2012/06/20 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012/06/20 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012/06/11 14:17:46 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\windows\SysNative\frapsv64.dll
[2012/06/11 14:17:42 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\windows\SysWow64\frapsvid.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

Snazzy_C · Jun 25, 2012

========== Files - Modified Within 30 Days ==========

[2012/06/25 21:59:44 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 21:59:44 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 21:54:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/06/25 21:53:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 21:53:01 | 000,000,292 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2012/06/25 21:52:50 | 000,151,552 | ---- | M] () -- C:\windows\KMSEmulator.exe
[2012/06/25 21:52:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/25 21:52:06 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 21:34:23 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/25 21:34:17 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/25 21:34:17 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/25 21:34:17 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/25 21:17:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/25 21:04:55 | 004,568,282 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/06/25 20:52:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 20:38:17 | 000,729,752 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/25 16:40:36 | 000,001,408 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/22 07:11:52 | 004,968,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/22 01:04:43 | 000,000,395 | ---- | M] () -- C:\windows\SysWow64\Mcx2Svc.ocx
[2012/06/22 01:04:38 | 001,888,256 | ---- | M] () -- C:\windows\SysWow64\Mcx2Svc.dll
[2012/06/21 04:44:55 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/06/21 04:44:53 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012/06/20 20:51:45 | 000,726,016 | ---- | M] (Igor Pavlov) -- C:\windows\SysWow64\7z.dll
[2012/06/20 19:50:26 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/06/20 19:50:26 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/06/20 18:21:50 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/06/20 18:13:03 | 000,015,828 | ---- | M] () -- C:\windows\SysNative\results.xml
[2012/06/20 17:09:22 | 000,001,062 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/20 17:08:41 | 000,002,121 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/06/20 17:07:36 | 000,000,978 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/20 16:53:01 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2012/06/11 14:17:46 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\windows\SysNative\frapsv64.dll
[2012/06/11 14:17:42 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\windows\SysWow64\frapsvid.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 21:34:20 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/25 21:08:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/25 21:08:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/25 21:08:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/25 21:08:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/25 21:08:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/25 16:40:36 | 000,001,408 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/22 01:04:43 | 000,000,395 | ---- | C] () -- C:\windows\SysWow64\Mcx2Svc.ocx
[2012/06/22 01:04:36 | 001,888,256 | ---- | C] () -- C:\windows\SysWow64\Mcx2Svc.dll
[2012/06/21 08:22:49 | 000,001,420 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/21 04:44:55 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/06/21 04:44:53 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/06/20 21:21:49 | 000,101,559 | ---- | C] () -- C:\Users\Chris\Documents\licence plate.pdf
[2012/06/20 21:21:49 | 000,098,503 | ---- | C] () -- C:\Users\Chris\Documents\License Plate_Mom.pdf
[2012/06/20 21:20:12 | 000,567,049 | ---- | C] () -- C:\Users\Chris\Documents\ADHD.pdf
[2012/06/20 21:01:33 | 002,436,516 | ---- | C] () -- C:\Users\Chris\Documents\Yarnell_Report.pdf
[2012/06/20 20:48:06 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/06/20 20:48:06 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/06/20 20:34:26 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/06/20 20:33:08 | 000,001,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/06/20 20:32:44 | 000,001,289 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/06/20 20:31:25 | 000,001,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/06/20 20:31:19 | 000,001,562 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/06/20 20:30:50 | 000,001,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/20 20:25:23 | 000,151,552 | ---- | C] () -- C:\windows\KMSEmulator.exe
[2012/06/20 19:51:36 | 000,000,292 | ---- | C] () -- C:\windows\tasks\AutoKMS.job
[2012/06/20 18:42:25 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 18:42:25 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 18:21:50 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/06/20 18:20:46 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/06/20 18:13:03 | 000,015,828 | ---- | C] () -- C:\windows\SysNative\results.xml
[2012/06/20 18:10:40 | 000,008,192 | ---- | C] () -- C:\windows\SysNative\drivers\IntelMEFWVer.dll
[2012/06/20 18:05:46 | 495,865,855 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 17:31:10 | 000,002,010 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/06/20 17:17:17 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/06/20 17:17:10 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/20 17:15:52 | 000,001,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/06/20 17:14:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/20 17:13:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/20 17:09:46 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/06/20 17:09:22 | 000,001,062 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/20 17:08:40 | 000,002,121 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/06/20 17:08:39 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/06/20 17:08:23 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/20 17:07:48 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2012/06/20 17:07:36 | 000,000,978 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/20 16:54:56 | 000,001,414 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/20 16:53:01 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2012/06/20 16:51:42 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/20 16:51:42 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/04 23:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 23:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 23:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/06/25 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2012/06/25 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\foobar2000
[2012/06/25 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Thunderbird
[2012/06/24 23:45:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2012/06/20 16:56:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Toshiba
[2012/06/20 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/06/20 16:52:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinBatch
[2012/06/25 21:53:01 | 000,000,292 | ---- | M] () -- C:\windows\Tasks\AutoKMS.job
[2009/07/14 01:08:49 | 000,010,380 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/03/24 14:59:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/25 21:21:32 | 000,028,637 | ---- | M] () -- C:\ComboFix.txt
[2012/06/25 21:52:06 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 21:52:09 | 2092,810,239 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 05:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/25 16:40:36 | 000,000,221 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/25 21:04:55 | 004,568,282 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/06/25 21:54:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/25 21:53:01 | 000,000,292 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2012/06/25 21:53:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 20:52:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 21:52:28 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/07/14 01:08:49 | 000,010,380 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/06/21 08:22:48 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

Snazzy_C · Jun 25, 2012

OTL Extras logfile created on: 6/25/2012 9:55:18 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 72.29% Memory free
11.90 Gb Paging File | 10.04 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 524.72 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive G: | 1.85 Gb Total Space | 1.85 Gb Free Space | 99.72% Space Free | Partition Type: FAT

Computer Name: CHRISPC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-869840263-2604391263-3299390013-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{60A3532E-BB0A-4AF3-AEBA-6C011DCCF830}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{83999AD7-02ED-42BF-8E98-25C74E513216}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DD4F7112-B138-3BE4-9E31-D5F6A77F2DF5}" = Google Chrome
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"FileHippo.com" = FileHippo.com Update Checker
"foobar2000" = foobar2000 v1.1.13
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-869840263-2604391263-3299390013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2012 8:41:38 PM | Computer Name = CHRISPC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/20/2012 8:41:38 PM | Computer Name = CHRISPC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/20/2012 8:41:40 PM | Computer Name = CHRISPC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/20/2012 9:52:34 PM | Computer Name = CHRISPC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2012 4:07:47 AM | Computer Name = CHRISPC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2012 8:21:55 AM | Computer Name = CHRISPC | Source = WinMgmt | ID = 10
Description =

Error - 6/22/2012 7:12:05 AM | Computer Name = CHRISPC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mcx2svc.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000897a Faulting process id:
0x704 Faulting application start time: 0x01cd5067ce778b7f Faulting application path:
C:\windows\SysWOW64\svchost.exe Faulting module path: c:\windows\syswow64\mcx2svc.dll
Report
Id: 190e6dbc-bc5b-11e1-b1f1-e89a8f8f9d01

Error - 6/22/2012 7:12:47 AM | Computer Name = CHRISPC | Source = WinMgmt | ID = 10
Description =

Error - 6/22/2012 7:13:10 AM | Computer Name = CHRISPC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mcx2svc.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000897a Faulting process id:
0xb58 Faulting application start time: 0x01cd5068006fae80 Faulting application path:
C:\windows\SysWOW64\svchost.exe Faulting module path: c:\windows\syswow64\mcx2svc.dll
Report
Id: 3fcb1271-bc5b-11e1-b1f1-e89a8f8f9d01

Error - 6/22/2012 11:35:01 AM | Computer Name = CHRISPC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mcx2svc.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000897a Faulting process id:
0x754 Faulting application start time: 0x01cd508c8e9a6431 Faulting application path:
C:\windows\SysWOW64\svchost.exe Faulting module path: c:\windows\syswow64\mcx2svc.dll
Report
Id: d45456be-bc7f-11e1-bb72-e89a8f8f9d01

[ System Events ]
Error - 6/21/2012 4:13:26 AM | Computer Name = CHRISPC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 6/21/2012 4:13:28 AM | Computer Name = CHRISPC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 6/21/2012 8:22:15 AM | Computer Name = CHRISPC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 6/21/2012 8:24:45 AM | Computer Name = CHRISPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for
x64-based Systems (KB2544521).

Error - 6/21/2012 8:24:45 AM | Computer Name = CHRISPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2703157).

Error - 6/21/2012 8:24:45 AM | Computer Name = CHRISPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for
Windows 7 for x64-based Systems (KB2598845).

Error - 6/21/2012 7:28:55 PM | Computer Name = CHRISPC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 6/22/2012 1:29:39 AM | Computer Name = CHRISPC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/22/2012 7:12:07 AM | Computer Name = CHRISPC | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 6/22/2012 7:13:10 AM | Computer Name = CHRISPC | Source = Service Control Manager | ID = 7034
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 2 time(s).

< End of report >

Broni · Jun 25, 2012

Clean.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Snazzy_C · Jun 25, 2012

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 33
Adobe Flash Player11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Farbar Service Scanner Version: 25-06-2012 01
Ran by Chris (administrator) on 25-06-2012 at 22:43:56
Running from "C:\Users\Chris\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Snazzy_C · Jun 25, 2012

Will Run TFC and online scan now...

Is MSE the best of the free AV softwares?

Also, how should I scan my backup drive? Plug it in and then just right click scan with MSE? I'm worried it will load ZeroAccess automatically.

Broni · Jun 25, 2012

There is no "the best" AV program. They're pretty much equal. A lot depends on your computer habits.

As for your external drive...
Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device.
Now you're safe to plug the external drive in and scan it with MSE.

Snazzy_C · Jun 25, 2012

MSE just popped up with Sirefef.B, .W, and .Y in the FRST Quarantine, should I just remove them?

Also, I suppose I should have said "your choice" rather than "the best"

Broni · Jun 25, 2012

MSE just popped up with Sirefef.B, .W, and .Y in the FRST Quarantine, should I just remove them?

Go ahead.

Personally I use Avast but it's just my choice. Nothing about better or worse.

Snazzy_C · Jun 26, 2012

Outside of the quarantined files, everything came back clean. I removed quarantined files.

Broni · Jun 26, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

Snazzy_C · Jun 26, 2012

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Chris
->Temp folder emptied: 1891 bytes
->Temporary Internet Files folder emptied: 55960 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 34477687 bytes
->Flash cache emptied: 1478 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3820 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 199680 bytes

Total Files Cleaned = 33.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Chris
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Chris
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_005513

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{5B208052-9FFC-42C7-AE8A-70CC532F78EE}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5DEB7689-C3BC-49BE-A922-BC8EEAF24AAC}.tmp moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{68680522-42A6-4708-9061-11C4023D0425}.tmp not found!
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C74FA6D-08EE-4A97-B3BC-0DBEB3E5EDB3}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F54F9B3D-8164-4902-B64D-E0EDEBAFCA17}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FEA8352D-08C1-43F6-AAE2-62143DD2AC15}.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{5B208052-9FFC-42C7-AE8A-70CC532F78EE}.tmp not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5DEB7689-C3BC-49BE-A922-BC8EEAF24AAC}.tmp not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{68680522-42A6-4708-9061-11C4023D0425}.tmp not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C74FA6D-08EE-4A97-B3BC-0DBEB3E5EDB3}.tmp not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F54F9B3D-8164-4902-B64D-E0EDEBAFCA17}.tmp not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FEA8352D-08C1-43F6-AAE2-62143DD2AC15}.tmp not found!

Registry entries deleted on Reboot...

Running Cleanup now, then will change passes... AGAIN haha.

Thanks for all the help, I really appreciate it!!

Snazzy_C · Jun 26, 2012

Also, computer is running fine!

Snazzy_C · Jun 26, 2012

Plugged in my drive and panda ran- reported it cannot vaccinate and to run chkdsk /f command

tried to run it, it said that it could not run because volume was in use by another process... what should I do?

Broni · Jun 26, 2012

Try BitDefender’s USB Immunizer

Snazzy_C · Jun 27, 2012

Didn't seem to auto run. looks like one of the two stopped it even though they did not confirm they had. ran MSE, a couple java exploits showed up but nothing else. Might not have been anything on there!

Snazzy_C · Jun 27, 2012

Also, still running clean!

Broni · Jun 27, 2012

Very well then.

Good luck and stay safe

Solved Follow-up from past Sirefef infection-

Snazzy_C

Snazzy_C

Snazzy_C

Broni

Posts: 56,041 +516

Snazzy_C

Snazzy_C

Broni

Posts: 56,041 +516

Snazzy_C

Broni

Posts: 56,041 +516

Snazzy_C

Broni

Posts: 56,041 +516

Snazzy_C

Snazzy_C

Snazzy_C

Broni

Posts: 56,041 +516

Snazzy_C

Snazzy_C

Broni

Posts: 56,041 +516

Similar threads

Latest posts