Inactive Infected: Tidserv Activity 4 alert & more

Still with me?

Still with ya Broni. Will be posting next step in a couple hours. Just FYI, Comp did a full virus scan last night and there were 2 trojans (Maljava!gen3), and something else called Suspicious.cloud.7.F.... And to clarify, I have NOT downloaded anything, installed, opened forwarded mail, or made any changes.... Have just checked my normal pages and played some games in the little free time I've had. Scanner did remove them though.
 
Sorry this took so long Broni, comp was acting buggy and Combo took a couple tries to get it going and took waaay longer than the 10 mins it says... Anyhow here's the log.

ComboFix 12-05-06.04 - jay 05/07/2012 5:09.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.985 [GMT -4:00]
Running from: c:\users\jay\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\$NtUninstallKB15308$
c:\windows\$NtUninstallKB15308$\1245199675
c:\windows\system32\odbcad32.exe
c:\windows\system32\tmp3285.tmp
c:\windows\system32\tmp3573.tmp
c:\windows\system32\tmp79F.tmp
c:\windows\system32\tmp7BF.tmp
c:\windows\system32\tmpA592.tmp
c:\windows\system32\tmpA593.tmp
c:\windows\system32\tmpE214.tmp
c:\windows\system32\tmpE225.tmp
.
----- File Replicators -----
.
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\documents and settings\All Users\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\bloodties-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\cruisecluescaribbeanadventure-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\dreamchronicles2-toshiba[pm].exe
 
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\hiddensecretsthenightmare-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\mysteriouscitygoldenprague-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\nightshiftlegacyjaguarseye-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\secretsofthedragonwheel-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\theclockworkmanthehiddenworld-toshiba[pm].exe
c:\documents and settings\All Users\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\cruisecluescaribbeanadventure\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\cruisecluescaribbeanadventure\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\documents and settings\All Users\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\bloodties-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\bloodties-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\cruisecluescaribbeanadventure-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\dreamchronicles2-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\hiddensecretsthenightmare-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\mysteriouscitygoldenprague-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\nightshiftlegacyjaguarseye-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\secretsofthedragonwheel-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\theclockworkmanthehiddenworld-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\bloodties-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\cruisecluescaribbeanadventure-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\dreamchronicles2-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\hiddensecretsthenightmare-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\mysteriouscitygoldenprague-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\nightshiftlegacyjaguarseye-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\secretsofthedragonwheel-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\theclockworkmanthehiddenworld-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\bloodties-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\cruisecluescaribbeanadventure-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\dreamchronicles2-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\hiddensecretsthenightmare-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\mysteriouscitygoldenprague-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\nightshiftlegacyjaguarseye-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\secretsofthedragonwheel-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\theclockworkmanthehiddenworld-toshiba[pm].exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\bloodties\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\cruisecluescaribbeanadventure\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\dreamchronicles2\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\hiddensecretsthenightmare\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\magicencyclopediamoonlight\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\Temp\WTDownloader.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\nightshiftlegacyjaguarseye\UI\CatalystWrapper.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\WTDownloader\secretsofthedragonwheel\UI\CatalystWrapper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\users\jay\AppData\Local\temp
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 02:36 . 2012-04-24 02:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 01:50 . 2012-04-24 02:44 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009
2012-04-22 22:27 . 2012-04-22 22:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-22 22:27 . 2012-04-22 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-19 03:44 . 2012-04-19 03:44 -------- d-----w- c:\users\jay\AppData\Roaming\FixZeroAccess
2012-04-16 08:18 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 08:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 08:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 08:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 07:11 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-16 07:11 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-16 06:30 . 2012-04-16 06:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-16 06:30 . 2012-04-16 06:30 -------- d-----w- c:\program files\Symantec
2012-04-16 06:30 . 2012-04-16 06:30 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 06:27 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-16 06:16 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-16 06:16 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-16 06:16 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-16 06:16 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-16 06:16 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-16 06:16 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-16 04:50 . 2012-04-19 05:47 -------- d-----w- c:\users\jay\AppData\Local\LogMeIn Rescue Applet
2012-04-15 22:04 . 2012-04-15 22:04 -------- d-----w- c:\users\jay\AppData\Roaming\AVG2012
2012-04-15 22:04 . 2012-04-15 22:04 -------- d--h--w- c:\programdata\Common Files
2012-04-15 22:02 . 2012-04-19 05:02 -------- d-----w- c:\programdata\AVG2012
2012-04-15 21:56 . 2012-04-19 04:53 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 04:25 . 2012-03-03 04:25 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"cdloader"="c:\users\jay\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-03 22:23 136176 ----atw- c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 21:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-04 01:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-22 40776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\SYMDS.SYS [2011-08-16 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-03 821880]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120505.001\IDSvix86.sys [2012-04-28 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\Ironx86.SYS [2012-03-29 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307000.009\SYMNETS.SYS [2012-03-29 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-11-29 537520]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-16 106104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 16:02]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 16:02]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000Core.job
- c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-15 22:23]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000UA.job
- c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-15 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\jay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Freecorder FLV Service - c:\users\jay\Desktop\FLVSrvc.exe
AddRemove-ImTOO Video Converter Ultimate - c:\users\jay\Desktop\test\Video Converter Ultimate\Uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-07 05:35:44
ComboFix-quarantined-files.txt 2012-05-07 09:35
.
Pre-Run: 170,418,298,880 bytes free
Post-Run: 170,794,496,000 bytes free
.
- - End Of File - - FF437A45FBC1B0EAFD8D2C6822310D8B
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Afternoon Broni, computer has been acting buggy. Whenever comp is turned on I get notifications that "MyToshiba" has stopped working, then Catalyst Control Centre has stopped working. Computer heats up now if any videos like YouTube, news videos, or even a game are played. When game is played for about 20 mins computer totally shuts off, I'm assuming to prevent overheating. I was getting notifications that the recycle bin was corrupt at startup and if I wanted to empty it (it was already empty), but those notifications for recycle bin stopped after last step. OTL log coming shortly.

Edit: OTL has made all the bells go off with my Norton and it removed the file from my computer and desktop. Re-downloading and will run with Norton turned off.
 
You have to take care of that overheating as soon as possible.
Is it desktop or laptop?
 
It's a laptop... never had this problem until this rootkit infection. I have no clue where to even begin with that overheating. Here comes the log. Turned my AV back on after I got the log... dang Norton deleted OTL again and it wasn't even open! Wish it would've acted like that for the rootkit and viruses!!

OTL logfile created on: 5/12/2012 5:27:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\jay\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 61.42% Memory free
6.63 Gb Paging File | 5.70 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 151.76 Gb Free Space | 67.95% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 17:24:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/07/27 06:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 18:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 18:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/30 03:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 03:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/05/01 14:54:46 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2009/05/01 14:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 01:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/11/29 13:57:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/16 05:53:17 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5ca17001998a75ca774d2b80eead5579\System.ServiceProcess.ni.dll
MOD - [2012/04/16 05:53:10 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/04/16 05:50:59 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/04/16 05:50:43 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/04/16 05:50:28 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/04/16 05:48:44 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/04/16 05:42:55 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/07 07:54:36 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/07/25 14:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 19:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 19:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 18:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/05/01 14:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
MOD - [2009/03/12 23:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/08/08 16:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/05/25 17:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll
MOD - [2006/02/13 10:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcydrec.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe /n SprintRcAppSvc -- (SprintRcAppSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe /n CASprint -- (CASprint)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/28 10:23:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 03:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/29 13:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jay\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/27 20:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120511.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/22 18:28:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/16 02:38:14 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/16 02:38:14 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/16 02:30:30 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/04/02 23:39:56 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 02:28:38 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\symnets.sys -- (SymNetS)
DRV - [2012/03/29 02:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\symefa.sys -- (SymEFA)
DRV - [2012/03/29 02:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\ironx86.sys -- (SymIRON)
DRV - [2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/12/03 05:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120511.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/03 05:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120511.021\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/29 18:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307000.009\symds.sys -- (SymDS)
DRV - [2010/07/27 05:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 05:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/13 12:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/30 21:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 16:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 19:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 19:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 18:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/05 04:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/10/15 11:58:34 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/10/15 11:58:34 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/10/15 11:58:34 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/10/15 11:58:26 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/10/15 11:58:18 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {195ED698-CF29-4528-9686-93AB54F8930E}
IE - HKLM\..\SearchScopes\{195ED698-CF29-4528-9686-93AB54F8930E}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes,DefaultScope = {C00B1964-AE27-4663-AD00-656EB0F564FD}
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes\{195ED698-CF29-4528-9686-93AB54F8930E}: "URL" = http://www.google.com/search?source...g}&oe={outputEncoding}&rlz=1I7TSNA_en___US367
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes\{C00B1964-AE27-4663-AD00-656EB0F564FD}: "URL" = http://search.avg.com/route/?d=4c9f...&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jay\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jay\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/03/01 19:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/03/01 19:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/01 06:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/16 02:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/05/12 05:45:02 | 000,000,000 | ---D | M]
 
[2010/03/10 19:25:02 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/03/10 19:25:02 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/03/10 19:25:03 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM

O1 HOSTS File: ([2012/05/07 05:31:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LXCYCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000..\Run: [cdloader] C:\Users\jay\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\jay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 17:24:16 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe
[2012/05/12 12:37:32 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2012/05/12 12:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/05/07 19:30:07 | 000,000,000 | ---D | C] -- C:\Users\jay\AppData\Roaming\Mozilla
[2012/05/07 05:35:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 05:35:47 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/07 05:35:47 | 000,000,000 | ---D | C] -- C:\Users\jay\AppData\Local\temp
[2012/05/07 04:17:33 | 000,000,000 | ---D | C] -- C:\Users\jay\Desktop\tech help
[2012/05/07 04:03:48 | 000,000,000 | ---D | C] -- C:\Users\jay\Desktop\music n pics
[2012/05/07 03:57:14 | 000,000,000 | ---D | C] -- C:\Users\jay\Desktop\crap on desktop
[2012/04/23 23:42:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/23 23:42:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/23 23:42:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/23 23:42:34 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/23 23:42:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/23 23:26:54 | 004,486,107 | R--- | C] (Swearware) -- C:\Users\jay\Desktop\ComboFix.exe
[2012/04/23 22:36:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/22 18:27:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/04/22 18:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 18:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 23:44:19 | 000,000,000 | ---D | C] -- C:\Users\jay\AppData\Roaming\FixZeroAccess
[2012/04/18 23:43:53 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\jay\Desktop\FixZeroAccess.exe
[2012/04/17 03:10:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/04/17 03:10:24 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/04/17 03:10:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/04/17 03:10:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/04/17 03:10:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/04/17 03:10:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/04/16 04:14:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/04/16 04:14:44 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/04/16 04:14:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/04/16 04:14:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/04/16 04:14:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/04/16 04:14:44 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/04/16 04:14:44 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/04/16 04:14:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/04/16 04:14:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/04/16 04:14:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/04/16 04:14:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/04/16 04:14:44 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/04/16 04:14:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/04/16 04:14:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/04/16 04:14:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/04/16 04:14:44 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/04/16 04:14:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/04/16 04:14:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/04/16 04:14:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/04/16 04:14:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/04/16 04:14:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/04/16 04:14:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/04/16 04:14:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/04/16 04:14:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/04/16 04:14:44 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/04/16 04:14:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/04/16 04:14:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/04/16 04:14:44 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/04/16 04:14:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/04/16 04:14:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/04/16 04:14:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/04/16 03:11:20 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/04/16 03:11:18 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/04/16 02:30:30 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/04/16 02:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/04/16 02:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/04/16 02:29:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/04/16 02:28:57 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/04/16 02:28:55 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012/04/16 02:28:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/04/16 02:28:55 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012/04/16 02:28:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012/04/16 02:28:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012/04/16 02:28:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2012/04/16 02:28:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2012/04/16 02:28:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2012/04/16 02:28:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2012/04/16 02:28:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2012/04/16 02:28:17 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/04/16 02:28:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/04/16 02:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/04/16 02:27:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2012/04/16 02:27:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/04/16 02:27:39 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/04/16 02:27:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/04/16 02:27:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/04/16 02:27:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/04/16 02:25:03 | 119,152,592 | ---- | C] (Symantec Corporation) -- C:\Users\jay\Desktop\NIS-ESD-19-5-1-2-EN.exe
[2012/04/16 02:16:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/04/16 02:16:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/04/16 02:16:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/04/16 02:16:15 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/04/16 00:50:13 | 000,000,000 | ---D | C] -- C:\Users\jay\AppData\Local\LogMeIn Rescue Applet
[2012/04/15 23:14:03 | 006,254,016 | ---- | C] (Symantec Corporation) -- C:\Users\jay\Desktop\NRnR.exe
[2012/04/15 18:04:56 | 000,000,000 | ---D | C] -- C:\Users\jay\AppData\Roaming\AVG2012
[2012/04/15 18:04:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/15 18:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/15 17:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 17:30:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000UA.job
[2012/05/12 17:24:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe
[2012/05/12 16:42:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 14:30:37 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000Core.job
[2012/05/12 13:42:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 12:37:31 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/05/12 10:44:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/12 05:51:05 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 05:51:05 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 05:43:55 | 000,131,072 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/05/12 05:43:43 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 05:31:39 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/05/07 03:18:48 | 004,486,107 | R--- | M] (Swearware) -- C:\Users\jay\Desktop\ComboFix.exe
[2012/05/05 22:41:22 | 000,002,552 | ---- | M] () -- C:\{C737E9DE-C52B-4975-B279-D239A96AE6FA}
[2012/04/23 22:45:22 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/04/23 22:44:58 | 001,445,347 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307000.009\Cat.DB
[2012/04/23 22:44:10 | 000,008,942 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307000.009\VT20120410.034
[2012/04/22 18:28:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/04/22 18:27:22 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 21:33:43 | 000,001,225 | ---- | M] () -- C:\Users\jay\Desktop\Infected Tidserv Activity 4 alert & more - TechSpot Forums.url
[2012/04/18 23:43:53 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\FixZeroAccess.exe
[2012/04/18 23:43:27 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1307000.009\isolate.ini
[2012/04/16 06:19:00 | 000,001,418 | ---- | M] () -- C:\Users\jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/16 05:45:54 | 000,359,720 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/04/16 05:37:34 | 000,628,320 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/04/16 05:37:34 | 000,108,466 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/16 04:14:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/04/16 04:14:44 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/04/16 04:14:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/04/16 04:14:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/04/16 04:14:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/04/16 04:14:44 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/04/16 04:14:44 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/04/16 04:14:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/04/16 04:14:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/04/16 04:14:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/04/16 04:14:44 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/04/16 04:14:44 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/04/16 04:14:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/04/16 04:14:44 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/04/16 04:14:44 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/04/16 04:14:44 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/04/16 04:14:44 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/04/16 04:14:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/04/16 04:14:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/04/16 04:14:44 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/04/16 04:14:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/04/16 04:14:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/04/16 04:14:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/04/16 04:14:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/04/16 04:14:44 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/04/16 04:14:44 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/04/16 04:14:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/04/16 04:14:44 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/04/16 04:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/04/16 04:14:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/04/16 04:14:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/04/16 04:14:44 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/04/16 02:30:30 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/04/16 02:30:30 | 000,007,468 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/04/16 02:30:30 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/04/16 02:25:04 | 119,152,592 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\NIS-ESD-19-5-1-2-EN.exe
[2012/04/16 00:55:54 | 013,419,382 | ---- | M] () -- C:\Users\jay\AppData\Roaming\SMRBackup250.dat
[2012/04/15 23:14:24 | 006,254,016 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\NRnR.exe
[2012/04/15 18:11:35 | 000,017,407 | ---- | M] () -- C:\Users\jay\AppData\Local\dt.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2012/05/12 12:37:31 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/05/05 22:41:20 | 000,002,552 | ---- | C] () -- C:\{C737E9DE-C52B-4975-B279-D239A96AE6FA}
[2012/04/23 23:42:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/23 23:42:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/23 23:42:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/23 23:42:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/23 23:42:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/22 18:27:22 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 21:33:43 | 000,001,225 | ---- | C] () -- C:\Users\jay\Desktop\Infected Tidserv Activity 4 alert & more - TechSpot Forums.url
[2012/04/16 04:14:44 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/04/16 02:30:30 | 000,007,468 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/04/16 02:30:30 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/04/16 02:30:16 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/04/16 02:07:42 | 000,131,072 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012/04/16 00:54:59 | 013,419,382 | ---- | C] () -- C:\Users\jay\AppData\Roaming\SMRBackup250.dat
[2012/04/15 18:11:35 | 000,017,407 | ---- | C] () -- C:\Users\jay\AppData\Local\dt.dat
[2010/12/17 13:52:09 | 000,000,017 | ---- | C] () -- C:\Users\jay\AppData\Local\resmon.resmoncfg

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/28 00:25:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/07 05:35:45 | 000,071,250 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/05/12 05:43:43 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/05/12 05:43:45 | 947,912,703 | -HS- | M] () -- C:\pagefile.sys
[2012/04/15 18:15:49 | 000,000,685 | ---- | M] () -- C:\rkill.log
[2012/04/23 22:43:03 | 000,132,786 | ---- | M] () -- C:\TDSSKiller.2.7.32.0_23.04.2012_22.34.30_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/04/13 16:15:08 | 000,002,568 | ---- | M] () -- C:\{6020E5FC-692A-4091-89F7-A4E26452E367}
[2012/05/05 22:41:22 | 000,002,552 | ---- | M] () -- C:\{C737E9DE-C52B-4975-B279-D239A96AE6FA}

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/11/27 04:50:22 | 000,117,760 | ---- | M] () -- C:\windows\system32\spool\prtprocs\w32x86\lxcypp5c.dll
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/16 06:19:00 | 000,000,221 | -HS- | M] () -- C:\Users\jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/05/07 03:18:48 | 004,486,107 | R--- | M] (Swearware) -- C:\Users\jay\Desktop\ComboFix.exe
[2012/04/18 23:43:53 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\FixZeroAccess.exe
[2009/11/15 16:58:16 | 001,926,844 | ---- | M] () -- C:\Users\jay\Desktop\FLVPlayer.exe
[2012/04/16 02:25:04 | 119,152,592 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\NIS-ESD-19-5-1-2-EN.exe
[2012/04/15 23:14:24 | 006,254,016 | ---- | M] (Symantec Corporation) -- C:\Users\jay\Desktop\NRnR.exe
[2012/05/12 17:24:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe
[2011/08/12 23:30:06 | 001,008,092 | ---- | M] () -- C:\Users\jay\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/12 13:42:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 16:42:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 14:30:37 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000Core.job
[2012/05/12 17:30:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-528228499-1645162591-3411178397-1000UA.job
[2012/05/12 05:43:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/04/19 01:02:38 | 000,032,642 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/04/16 06:18:55 | 000,000,402 | -HS- | M] () -- C:\Users\jay\Favorites\desktop.ini
[2011/04/08 23:15:43 | 000,001,318 | -H-- | M] () -- C:\Users\jay\Favorites\helpme_att.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-08 22:55:45

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF
< End of report >
 
OTL Extras logfile created on: 5/12/2012 5:27:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\jay\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 61.42% Memory free
6.63 Gb Paging File | 5.70 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 151.76 Gb Free Space | 67.95% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{04BD1381-8900-4F78-9259-505A9E0B4E05}" = rport=139 | protocol=6 | dir=out | app=system |
"{0631153A-7187-40F7-8178-4FFA21BAE99E}" = lport=138 | protocol=17 | dir=in | app=system |
"{18F88929-D382-4BAA-A091-1CB799DA06A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{2ADFA71D-9B9A-4BB3-8F89-1F692B4D1560}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38C9414F-32BB-4363-9F63-8C6FF23B2CE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3C8B8F57-8492-41DB-9275-FD2135FDA80E}" = rport=138 | protocol=17 | dir=out | app=system |
"{44F03EFB-94E9-4C4E-9C9A-AE6586194DAA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4810B4F1-F767-40B8-A8C1-B1E9ED98D0AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5140593A-AA94-4C5E-8C23-DD0433192B47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FD37DA-9F10-4FD8-8751-A7955CD83DFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79B61346-A30D-49F6-9536-D10F4F15DC01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B372DFF-1FC8-4BD5-88D7-69697D83F441}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7D40FBD5-720C-48FF-89D3-078EAAC2F320}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9559EC48-0DAF-42C0-95E2-51B622212197}" = lport=137 | protocol=17 | dir=in | app=system |
"{99CA6222-44A4-4F5C-B7C8-9ACF4DA2DBB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0CF8D0E-3B18-47D0-A7E4-7D85974280BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{A17799F1-ABDE-47C7-AF54-73A7FA298A99}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B186FC5F-CADA-4312-BA76-41EFEC971CF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{C69DB3CF-C97B-4898-9099-F81968E42180}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7C05792-3737-4395-B7F9-1E8A77FDE0D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D09805E8-13E4-4E42-B146-B13CF508372F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DBA4EA20-FFF7-488B-BA00-C425DB28347C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E938C7B-2562-497A-B00A-6300F291767B}" = protocol=6 | dir=out | app=system |
"{12E16890-9108-45FD-BBC8-C3456CA30FE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{191A583A-397B-40B2-BD8E-2DA631891096}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{2101E15D-2F75-46FA-925E-7D57C1AE0EAC}" = protocol=17 | dir=in | app=c:\users\jay\appdata\local\temp\7zs116a.tmp\symnrt.exe |
"{2177D8FA-3332-4239-8B5D-24D2B6480A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26819D30-B453-451A-AA19-6DE313663364}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{2C6B5BE7-1209-4B97-8AB6-D3F9A665B213}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2C950DEC-0249-44CA-A056-C75C1CAD02BF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2EAEFD5D-4614-4F84-A5B4-380E7731ED0D}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{398108C3-BC27-4F1F-930D-9D55A2D25C75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AA27DB1-0D55-48BB-A68E-D5DC8D95B53B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BB1F3A1-49E4-4C47-91AE-A3E50DB3E43A}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{3D4740A7-DB10-4B09-A241-2B3374125B36}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4133B938-C2E8-46A3-BF0E-E7887335BCA5}" = protocol=6 | dir=in | app=c:\users\jay\appdata\local\temp\7zs116a.tmp\symnrt.exe |
"{475FEA4C-D388-46EB-A0D8-57BC30C003A0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{49EEB5FA-7C6D-49B5-AC43-DE460EC01A95}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4F81E08E-0304-4C80-B00A-E5AE07749F26}" = protocol=17 | dir=in | app=c:\users\guest\desktop\videoconvertersetup.exe |
"{51B0EFDA-BD7E-444F-A28D-F0342D2C190C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{57D49571-5818-43B1-8136-2879EC7B9A6C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63449003-9077-48DA-B527-47D8F722CBC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{690A8272-D1A5-40CF-9620-4714EB18E5AC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6A0EDAA6-2382-40AC-BF09-30B367CE5B01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E56384A-25C6-4F91-8311-9BBD3E501826}" = protocol=17 | dir=in | app=c:\users\jay\appdata\local\temp\7zs48ee.tmp\symnrt.exe |
"{74BE4649-8BEA-4D05-8D54-4B39D0C90B14}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7BD1FD68-9CE0-449E-942D-6CDA8522B79C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CF8D8E1-DC43-4E57-89D4-277ECA8A90E0}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{80FBBCC6-39E5-4E15-9F72-2F5D964EFF16}" = protocol=6 | dir=in | app=c:\users\guest\desktop\videoconvertersetup.exe |
"{858BED9D-7EA3-4444-9AED-1C890E2F1C2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87BCB318-E129-4B98-B8C1-8E78D8E8980E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{882D13DB-6110-4A99-A9C3-0F418CF4E349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9380D733-BB4C-45C2-88FA-7EDEEDE45BBF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{944908F5-C61B-4C75-99C1-13CBE5B9B74B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{981CAD1F-E5DD-4EDE-B6D3-4389155AB847}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE507100-F779-487D-B127-872DCA2915E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AEFE25E4-CF9A-49F6-86C2-05CA4144FA86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFB76395-6516-463E-9C6A-7658FC5DB193}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B7115F82-9017-4D64-ACEE-B5FF3677DC6F}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{D6062D25-3492-4687-9823-35EFFAC1E784}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1748EF9-5155-400C-9B4F-AE0CCA32409A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB3FFE26-3AFF-4F1E-9F77-5E8F27786E8E}" = protocol=6 | dir=in | app=c:\users\jay\appdata\local\temp\7zs48ee.tmp\symnrt.exe |
"{EF869791-06FB-4073-A22E-923AD3C452FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3AA969E-A05F-44ED-A397-3F8445AFA197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6087465-5C00-4F09-9550-06027024FAAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FECEADC3-AD49-426A-8024-5A4FA54F0111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{21C956B7-8097-4715-A76A-5E248DFBBD5F}C:\users\jay\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\jay\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{4279247A-2E98-46D6-82AD-9AE34A056DCE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{52765721-A678-43A9-A1AA-996C7A9F0903}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{A5FFC0AC-7058-406B-984F-537ADFB6AC62}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C94863E4-3EED-4394-A7CC-47F81173E313}C:\users\jay\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\jay\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{CAD51537-A180-4490-BBAB-C6D4FC4C7582}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{159211EA-3E58-42BE-BCDE-D5E89B8A8B07}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{182FE7F9-F770-45EC-ADE8-190578032D6B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{2F78F0AD-3A5B-4CDB-AD45-895EE6D416C6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CD499B98-4D4A-48B2-8E7B-B53D9B9417B7}C:\users\jay\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\jay\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{E5E7CC7F-F213-47A5-B21A-A15EB02E93DE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{FD189261-8548-4EFF-B448-3FAED0E3E6DB}C:\users\jay\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\jay\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{07F06112-52DC-48D5-B3B9-8D1D07DE2D32}" = Berry Extract
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATT-SST" = AT&T Service & Support Tool
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Haunted Hotel II - Believe the Lies" = Haunted Hotel II: Believe the Lies
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Freecorder4.12B" = Freecorder 4
"Hidden Mysteries Vampire Secrets" = Hidden Mysteries Vampire Secrets
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Lexmark 3400 Series" = Lexmark 3400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vReveal" = vReveal
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT086074" = Wizard Land
"WT087649" = Bubble Shooter Premium Edition
"WT087880" = My Life Story
"WT087969" = Mall-A-Palooza
"WT088626" = Massive Assault
"WTA-0a8249da-6e99-4ae0-ad59-38d1f5f054a1" = Atomaders
"WTA-53c251a2-8800-4bb4-afd1-d3836c1fc123" = Alien Sky
"WTA-6fd5e169-3be5-4f7e-9a3a-fcdc9d5f7621" = Island Wars 2
"WTA-acd802ac-7dfe-408e-bf33-4efd9bd8acfe" = Magic Academy
"WTA-af15006a-6b05-4cb4-a3e0-89c4eda1cc1b" = Fish Tycoon
"WTA-c3d6d41c-3e58-4ef0-8cd0-74ec14eddc43" = Westward
"WTA-c628f4a3-edfe-4684-8eae-0ef080e05cb1" = G.H.O.S.T. Hunters The Haunting of Majesty Manor
"WTA-f3608fe5-e8dc-4297-bd8f-c21a45f442b3" = Empress of the Deep - The Darkest Secret
"WTA-f551e198-bc79-49ae-af3c-fa04c4fb2ba0" = Feelers
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-528228499-1645162591-3411178397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"SOE-EverQuest II Extended" = EverQuest II Extended

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
I forgot to mention something else that has been happening (buggy) since going through all these steps... I keep getting a notification from Windows something something (has a star in its graphics) that my windows is not an authentic version or some sort. This is the original OS that came with the computer, so I don't know what that's all about either.
 
Whenever you have a chance, get a can of compressed air, turn the laptop off and clean well all vents.

You can also disable CCC from starting. You don't need it running.

=======================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O15 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:5D351BC6
    @Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:A7DA2BCD
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:890CC2F3
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
I forgot to mention something else that has been happening (buggy) since going through all these steps... I keep getting a notification from Windows something something (has a star in its graphics) that my windows is not an authentic version or some sort. This is the original OS that came with the computer, so I don't know what that's all about either.
It should give you an option to re-validate Windows.
 
Not a problem.... I ran the OTL in first step... ran fine, asked for the reboot.... when it rebooted comp found a problem while booting and did a CHKDSK. Once that was done and it went to desktop there was no log... as a matter of fact OTL was not on my desktop any longer. My AV was totally turned off. There are however a couple other new icons on desktop that I'm almost positive weren't there before, no idea what they are... here's the names: vReveal.settings.xml, desktop.ini (two of this same icon)... where do I go from here? Try and download OTL again and try that step once more?
 
Download OTL again and run the fix from Safe Mode.

As for those files....
Open Windows Explorer. Go Tools>Folder options>View tab and checkmark "Hide protected operating system files".
 
Am still with you Broni, sorry... work again limits my time I can resolve this issue. Will be on tomorrow though to finish this up hopefully.
 
Just FYI before I start posting... Somehow my Norton AV crashed and it says I've got to uninstall and reinstall. Guess I'll hold off on that since it will take more time until we're done... unless you say otherwise.

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-528228499-1645162591-3411178397-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
 