Everything posted by laralara

  1. ComboFix 12-11-20.02 - sharon 11/20/2012 8:51.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1049 [GMT -8:00] Running from: c:\documents and settings\sharon\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_ctypes.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_elementtree.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_hashlib.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_socket.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_ssl.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pyexpat.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pysqlite2._sqlite.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\python26.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pythoncom26.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\PyWinTypes26.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\select.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\unicodedata.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32api.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32com.shell.shell.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32crypt.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32event.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32file.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32inet.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32pdh.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32process.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32profile.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32security.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32ts.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\windows._cacheinvalidation.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._controls_.pyd 
c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._core_.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._gdi_.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._html2.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._misc_.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._windows_.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._wizard.pyd c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxbase293u_net_vc.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxbase293u_vc.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_adv_vc.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_core_vc.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_html_vc.dll c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_webview_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_ctypes.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_elementtree.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_hashlib.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_socket.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_ssl.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pyexpat.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pysqlite2._sqlite.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\python26.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pythoncom26.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\PyWinTypes26.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\select.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\unicodedata.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32api.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32com.shell.shell.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32crypt.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32event.pyd c:\documents and 
settings\sharon\Local Settings\temp\_MEI40282\win32file.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32inet.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32pdh.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32process.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32profile.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32security.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32ts.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\windows._cacheinvalidation.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._controls_.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._core_.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._gdi_.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._html2.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._misc_.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._windows_.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._wizard.pyd c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxbase293u_net_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxbase293u_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_adv_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_core_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_html_vc.dll c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_webview_vc.dll . . ((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 ))))))))))))))))))))))))))))))) . . 2012-11-19 21:51 . 2012-11-19 21:51 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Programs 2012-11-19 04:53 . 
2012-11-19 04:53 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Nero 2012-11-19 04:52 . 2012-11-19 04:52 -------- d-----w- c:\documents and settings\sharon\Application Data\Nero 2012-11-19 04:40 . 2012-11-19 04:59 -------- d-----w- c:\program files\Nero 2012-11-19 04:39 . 2012-11-19 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2012-11-19 04:23 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2012-11-19 04:23 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2012-11-19 04:22 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-11-19 04:22 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2012-11-16 21:38 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-16 21:38 . 2012-11-16 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-16 15:38 . 2012-11-16 15:38 -------- d-----w- C:\_OTL 2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\sharon\Application Data\Malwarebytes 2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-11-15 16:51 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-11-15 16:51 . 2012-11-15 16:51 -------- d-----w- C:\0d061fbcac79d09e9bb124cf52ce 2012-11-15 16:45 . 2012-11-15 16:46 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-15 16:41 . 2012-11-15 16:41 -------- d-----w- c:\documents and settings\sharon\Application Data\PCToolsFirewallPlus 2012-11-15 16:39 . 2011-03-02 20:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2012-11-15 16:39 . 2010-03-29 19:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2012-11-15 16:39 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-11-15 16:37 . 
2012-11-20 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2012-11-15 16:37 . 2012-11-15 16:39 -------- d-----w- c:\program files\Common Files\PC Tools 2012-11-15 16:37 . 2011-01-12 18:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2012-11-15 16:37 . 2010-07-08 16:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2012-11-15 16:37 . 2010-02-05 16:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2012-11-15 16:37 . 2011-01-17 16:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2012-11-15 16:37 . 2012-11-15 16:41 -------- d-----w- c:\program files\PC Tools Firewall Plus 2012-11-15 06:44 . 2012-11-15 06:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-02 14:35 . 2012-11-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake 2012-11-02 14:34 . 2012-11-02 14:35 -------- d-----w- c:\program files\Freemake 2012-11-01 16:19 . 2012-04-09 07:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll 2012-11-01 16:13 . 2012-11-01 16:13 -------- d-----w- c:\program files\Common Files\xing shared 2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\documents and settings\sharon\Application Data\Digiarty 2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\program files\Digiarty . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 06:44 . 2008-10-25 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-15 06:44 . 2012-07-24 03:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-15 06:44 . 2010-08-13 02:52 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-08 18:00 . 2012-11-20 06:53 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F046AAC1-CB4C-43E4-A4B7-93B886C7E4AD}\mpengine.dll 2012-10-22 08:37 . 
2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-17 09:32 . 2012-11-19 04:38 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-10 07:22 . 2012-05-05 16:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-10 07:22 . 2011-05-21 01:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-10 07:22 . 2012-10-10 06:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-21 14:50 . 2012-09-14 16:47 105088 ----a-w- c:\windows\system32\drivers\av5flt.sys 2012-08-31 06:03 . 2012-08-31 06:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-11-06 19:52 . 2012-11-06 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192] "12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-11-14 1248360] "MusicManager"="c:\documents and settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-29 12105344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-01 296096] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-03 1406248] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] . c:\documents and settings\sharon\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^sharon^Start Menu^Programs^Startup^Seagate NA0JGNRB Product Registration.lnk] path=c:\documents and settings\sharon\Start Menu\Programs\Startup\Seagate NA0JGNRB Product Registration.lnk backup=c:\windows\pss\Seagate NA0JGNRB Product Registration.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator] 2012-09-29 04:44 12105344 ----a-w- c:\program files\Microsoft Lync\communicator.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] 2006-11-23 05:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor] 2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows 
Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Lync\\communicator.exe"= "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [5/8/2006 9:46 AM 4064] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/15/2012 8:39 AM 251560] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 1:38 PM 399432] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/15/2012 8:39 AM 160576] R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [3/31/2011 11:46 AM 416208] R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [3/31/2011 11:46 AM 1947600] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 1:38 PM 22856] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [11/15/2012 8:37 AM 89472] R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/15/2012 8:37 AM 125248] S0 jrvtbk;jrvtbk;c:\windows\system32\drivers\tguv.sys --> 
c:\windows\system32\drivers\tguv.sys [?] S0 pkixkats;pkixkats;c:\windows\system32\drivers\uijs.sys --> c:\windows\system32\drivers\uijs.sys [?] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 1:38 PM 676936] S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424] S3 Ftdippk2sacs;Ftdippk2sacs; [x] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536] S3 Pdrprsp;Pdrprsp; [x] S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674] S3 Wptaontfhm;Wptaontfhm; [x] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 07:22] . 2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55] . 
2012-11-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25] . 2012-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . 2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?ilc=1 uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.1.254 DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab? 
FF - ProfilePath - c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc8 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p= FF - ExtSQL: 2012-11-01 09:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-11-02 07:35; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 06:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-20 09:30 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc] "ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3696) c:\windows\system32\WININET.dll c:\program files\Google\Drive\googledrivesync32.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\dllhost.exe c:\windows\system32\SearchIndexer.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe c:\windows\system32\dllhost.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\windows\system32\rundll32.exe c:\windows\system32\msdtc.exe . ************************************************************************** . Completion time: 2012-11-20 09:42:27 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-20 17:42 . Pre-Run: 433,571,880,960 bytes free Post-Run: 434,471,247,872 bytes free . - - End Of File - - EC42DFE41B905D008659F9C3164152DD
  2. ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-515967899-790525478-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
     Registry value HKEY_USERS\S-1-5-21-515967899-790525478-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word\ deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English\ deleted successfully.
     ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
     OTL by OldTimer - Version 3.2.69.0 log created on 11202012_083822
  3. I shut down and restarted the computer and the third time I did it, it took a while to start and then I got the error code 2 again. This is how it usually is; it doesn't happen all the time, and there's no specific pattern to it that I can tell.
  4. I'm sorry but I just can't find a single one of those files you asked me to uninstall in the device manager folder even after expanding everything... I looked through it several times. Also, I forgot to tell you, but I installed Nero 10 Multimedia Suite last night because I have to make something with it. I hope that didn't affect anything. I was able to run HJTexe though and here is the log file:
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:19:02 AM, on 11/19/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Seagate
Replica\bin\Seagate-Replica-Tray.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Google\Drive\googledrivesync.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Google\Drive\googledrivesync.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and 
Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\sharon\My Documents\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run] "C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148495998140 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://74.62.238.180//activex/AMC.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - 
http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab? O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Seagate Replica System Monitor (ReplicaSysMon) - Seagate Technology LLC - C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Seagate Replica Service (Seagate-Replica-Svc) - Seagate Technology LLC - C:\Program Files\Seagate 
Replica\bin\Seagate-Replica-Svc.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 18188 bytes
  5. Ok, thanks for the heads up. I can't seem to get the notifications to work, so I have to keep checking.
  6. Ran the OTL Quick scan, checked "scan all users". Here is the log file:
     OTL logfile created on: 11/18/2012 4:50:49 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sharon\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.30% Memory free 3.83 Gb Paging File | 3.08 Gb Available in Paging File | 80.37% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 931.51 Gb Total Space | 408.03 Gb Free Space | 43.80% Space Free | Partition Type: NTFS Computer Name: SHUTTLE | User Name: sharon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/15 20:12:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sharon\Desktop\OTL.exe PRC - [2012/11/14 22:44:11 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/11/13 18:56:29 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2012/11/01 08:12:50 | 000,296,096 | ---- | M] (RealNetworks, Inc.)
-- C:\Program Files\Real\realplayer\Update\realsched.exe PRC - [2012/10/25 14:45:50 | 016,052,192 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/01/20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) 
-- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2010/06/08 15:38:02 | 001,710,544 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe PRC - [2010/06/08 15:37:54 | 001,947,600 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe PRC - [2010/06/08 15:29:34 | 000,416,208 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe PRC - [2010/06/08 15:26:16 | 000,985,600 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2009/02/03 05:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/11/18 12:22:47 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32api.pyd MOD - [2012/11/18 12:22:47 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\_elementtree.pyd MOD - [2012/11/18 12:22:47 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\_socket.pyd MOD - [2012/11/18 12:22:46 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\pysqlite2._sqlite.pyd MOD - [2012/11/18 12:22:46 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32ts.pyd MOD - [2012/11/18 12:22:45 | 001,024,024 | ---- | M] () -- C:\Documents and Settings\sharon\Local 
Settings\temp\_MEI31162\windows._cacheinvalidation.pyd MOD - [2012/11/18 12:22:45 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._gdi_.pyd MOD - [2012/11/18 12:22:45 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32com.shell.shell.pyd MOD - [2012/11/18 12:22:45 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._html2.pyd MOD - [2012/11/18 12:22:45 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32crypt.pyd MOD - [2012/11/18 12:22:44 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\_ctypes.pyd MOD - [2012/11/18 12:22:44 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32profile.pyd MOD - [2012/11/18 12:22:43 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._misc_.pyd MOD - [2012/11/18 12:22:43 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\pythoncom26.dll MOD - [2012/11/18 12:22:41 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\PyWinTypes26.dll MOD - [2012/11/18 12:22:40 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32security.pyd MOD - [2012/11/18 12:22:39 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\_ssl.pyd MOD - [2012/11/18 12:22:38 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._core_.pyd MOD - [2012/11/18 12:22:38 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32process.pyd MOD - [2012/11/18 12:22:38 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32pdh.pyd MOD - [2012/11/18 
12:22:37 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\_hashlib.pyd MOD - [2012/11/18 12:22:36 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._windows_.pyd MOD - [2012/11/18 12:22:35 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._wizard.pyd MOD - [2012/11/18 12:22:35 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32file.pyd MOD - [2012/11/18 12:22:35 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32inet.pyd MOD - [2012/11/18 12:22:31 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\wx._controls_.pyd MOD - [2012/11/18 12:22:31 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\win32event.pyd MOD - [2012/11/18 12:22:30 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\unicodedata.pyd MOD - [2012/11/18 12:22:30 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\pyexpat.pyd MOD - [2012/11/18 12:22:30 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\temp\_MEI31162\select.pyd MOD - [2012/11/14 13:26:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll MOD - [2012/11/14 13:15:14 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\06cf816caaf03dc1d3f8945e335c5105\System.Runtime.Remoting.ni.dll MOD - [2012/11/14 13:15:11 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll MOD - [2012/11/14 13:15:10 | 000,646,656 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll MOD - [2012/11/14 12:32:16 | 006,801,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\10d438828eea240d30d9a98b53f0f6c8\System.Data.ni.dll MOD - [2012/11/14 12:32:05 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll MOD - [2012/11/14 12:32:00 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll MOD - [2012/11/14 12:31:54 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll MOD - [2012/11/14 12:31:52 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll MOD - [2012/11/14 12:31:42 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll MOD - [2012/11/14 12:31:32 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll MOD - [2012/11/14 12:31:24 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll MOD - [2012/11/14 12:23:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll MOD - [2012/11/14 12:18:17 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012/11/14 12:18:01 | 011,492,352 | ---- | M] () -- 
Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\ CHR - Extension: Google Search = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google News = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\ CHR - Extension: Ultimate Google Docs Viewer = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl\0.8.4.7_0\ CHR - Extension: Box - 5 GB Free Storage = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\ CHR - Extension: YoWindow Weather = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.41_0\ CHR - Extension: Pandora = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\ CHR - Extension: New Doc = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgegfncbeikiknoffapmeaenbefalfen\1.8_0\ CHR - Extension: AdBlock = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\ CHR - Extension: Google+ Shortcut Tile [aNTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gobepigbfmbjihilkkodadikfefimiha\0.0.3_0\ CHR - Extension: Awesome Weather 
Widget [ANTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2012.146.7.0_0\ CHR - Extension: Flixster = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\ CHR - Extension: Most Visited Widget [ANTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hicblkhlhbgilfammofcembdhklfppmk\0.1.3_0\ CHR - Extension: Cloud Reader = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\ CHR - Extension: Pixlr Editor = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\ CHR - Extension: Batman Dark Knight Rises theme 1280x800 = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jahiecoaghpdhddabdjmgmghglhnfmdo\1.2_0\ CHR - Extension: Downloads = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Youtube search widget [aNTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjiebkkdnganciijgjbfnbbdiblkaaii\0.0.4_0\ CHR - Extension: Auto Replay for YouTube = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\ CHR - Extension: InstallFree Nexus with Microsoft Office = C:\Documents and Settings\sharon\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkbdmlhfkcpbokoofbgohenkmpohfnpe\1.0.3_0\ CHR - Extension: Little Alchemy = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\ CHR - Extension: Auto HD For YouTube = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\3.3_0\ CHR - Extension: Flixster Movies = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbmgohiblmcjpjjcdklpdjnjonpdhkco\1.7.2_0\ CHR - Extension: Checker Plus for Google Reader\u2122 = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbmpmiibbncadgagnfcloaeilfhomemb\2.2_0\ CHR - Extension: FVD Video Downloader = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.4.0_0\ CHR - Extension: Google Maps = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\ CHR - Extension: Google Mail Checker Plus Classic = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcalakneigcblgalgpgbanhcmglpjjej\1.0_0\ CHR - Extension: WeatherBug = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mekeaeklopjambfhgndcddmpfbinkdpb\1.4_0\ CHR - Extension: Google Dictionary (by Google) = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\ CHR - Extension: Awesome New Tab Page = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.146.7.0_0\ CHR - Extension: Awesome Gmail Widget [ANTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhabakfdiogoaohibmllhdngghgeiofm\1.1.1.1_0\ CHR - Extension: FastestChrome - Browse Faster = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.8_0\ CHR - Extension: Calulator Widget [aNTP] = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnegnogmdmccelhibehpmakmkiibinil\1.0.0_0\ CHR - Extension: Jolicloud = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo\1.3.3_0\ CHR - Extension: SkyDrive = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0\ CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Reader Checker = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oaeemlcgfejmkohaddjlhnmaneccmbfb\0.2.3_0\ CHR - Extension: Checker Plus for Gmail\u2122 = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\10.8_0\ CHR - Extension: Google Reader = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Gmail = C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/11/14 14:25:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-515967899-790525478-682003330-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-790525478-682003330-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-790525478-682003330-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-515967899-790525478-682003330-1004..\Run: [12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run] C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-515967899-790525478-682003330-1004..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-515967899-790525478-682003330-1004..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-790525478-682003330-1004..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-515967899-790525478-682003330-1004..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\sharon\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-790525478-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Translate English Word - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2011/12/08 20:23:34 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Backward Links - Reg Error: Value error. File not found
O8 - Extra context menu item: Cached Snapshot of Page - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate Page into English - Reg Error: Value error. File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2011/12/08 20:23:34 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2011/12/08 20:23:34 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/12/08 20:23:34 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-790525478-682003330-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-515967899-790525478-682003330-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148495998140 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://74.62.238.180//activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} http://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A8F6FFB-E926-41E2-BB5F-4AFD048FFAB1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 16:17:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/27 14:10:40 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 13:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/16 13:38:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/16 13:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/16 07:38:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/15 20:11:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sharon\Desktop\OTL.exe
[2012/11/15 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Application Data\Malwarebytes
[2012/11/15 15:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/15 09:06:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/15 08:51:08 | 000,000,000 | ---D | C] -- C:\0d061fbcac79d09e9bb124cf52ce
[2012/11/15 08:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/15 08:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Application Data\PCToolsFirewallPlus
[2012/11/15 08:39:21 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/11/15 08:39:21 | 000,160,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/11/15 08:39:19 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/11/15 08:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/15 08:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Firewall Plus
[2012/11/15 08:37:40 | 000,089,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2012/11/15 08:37:40 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2012/11/15 08:37:40 | 000,032,808 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2012/11/15 08:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/11/15 08:37:39 | 000,125,248 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2012/11/15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2012/11/14 13:18:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/14 13:08:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/11 13:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Desktop\Cancer Summit 2012
[2012/11/06 11:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/06 07:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Application Data\SUPERAntiSpyware.com
[2012/11/05 11:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\My Documents\New Folder (5)
[2012/11/05 11:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Desktop\slideshow stuff
[2012/11/05 04:27:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\sharon\My Documents\Freemake_do_not_remove_this_folder634876864743750000
[2012/11/02 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\sharon\My Documents\Freemake_do_not_remove_this_folder634874403511093750
[2012/11/02 06:36:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\sharon\My Documents\Freemake_do_not_remove_this_folder
[2012/11/02 06:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\My Documents\Freemake
[2012/11/02 06:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Start Menu\Programs\Freemake
[2012/11/02 06:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2012/11/02 06:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2012/11/02 06:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/11/01 08:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/11/01 08:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/11/01 08:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/11/01 07:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sharon\Application Data\Digiarty
[2012/11/01 07:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty
[2012/11/01 07:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 16:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 16:38:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job
[2012/11/18 16:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/18 12:32:08 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/18 12:32:03 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/18 12:26:49 | 000,506,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/18 12:26:49 | 000,088,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/18 12:23:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/18 12:22:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job
[2012/11/18 12:22:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 12:22:00 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 12:22:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/16 13:38:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 20:12:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sharon\Desktop\OTL.exe
[2012/11/15 18:45:16 | 000,080,966 | ---- | M] () -- C:\Documents and Settings\sharon\Desktop\hull dday.jpg
[2012/11/15 13:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/15 09:46:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/15 08:48:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/11/14 23:08:27 | 000,549,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/14 14:41:19 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/14 14:41:18 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\sharon\Desktop\Google Chrome.lnk
[2012/11/14 14:25:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/14 13:18:09 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2012/11/14 12:19:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/14 09:38:09 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/11/13 17:18:38 | 000,088,236 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/11/12 11:54:06 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job
[2012/11/10 02:38:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job
[2012/11/07 10:53:41 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\sharon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 07:33:37 | 023,247,936 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\20121004172713f (1).avi
[2012/11/02 07:12:43 | 023,247,936 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\20121004172713f.avi
[2012/11/02 07:03:48 | 023,298,868 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\20121004172713.avi
[2012/11/02 06:35:17 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012/11/01 08:12:52 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/10/28 11:25:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 13:38:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 13:34:07 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/15 18:45:16 | 000,080,966 | ---- | C] () -- C:\Documents and Settings\sharon\Desktop\hull dday.jpg
[2012/11/15 08:55:54 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/15 08:55:52 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/15 08:48:24 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/11/15 08:45:58 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/14 13:18:09 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2012/11/14 13:18:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/02 07:32:03 | 023,247,936 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\20121004172713f (1).avi
[2012/11/02 07:11:19 | 023,247,936 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\20121004172713f.avi
[2012/11/02 07:01:54 | 023,298,868 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\20121004172713.avi
[2012/11/02 06:35:17 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012/11/01 08:26:54 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job
[2012/11/01 08:26:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job
[2012/11/01 08:19:41 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/05/25 22:09:23 | 000,235,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/16 11:24:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 00:00:02 | 002,473,306 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-790525478-682003330-1004-0.dat
[2012/01/30 23:59:59 | 000,399,010 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/30 21:54:13 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/05 17:36:46 | 000,037,908 | ---- | C] () -- C:\Documents and Settings\sharon\Application Data\Comma Separated Values (DOS).ADR
[2009/07/21 16:27:36 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\sharon\PAV_FOG.OPC
[2009/04/26 09:39:14 | 000,079,725 | ---- | C] () -- C:\Documents and Settings\sharon\daniel hye sierra.jpg
[2007/02/20 15:44:24 | 000,180,265 | ---- | C] () -- C:\Documents and Settings\sharon\.fonts.cache-1
[2006/06/12 13:41:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\sharon\default.pls
[2006/05/24 15:42:33 | 000,001,354 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/07 09:45:25 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\sharon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/07 09:45:25 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\sharon\Local Settings\Application Data\fusioncache.dat
[2006/05/07 09:27:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sharon\Application Data\dm.ini

========== ZeroAccess Check ==========

[2008/03/23 16:21:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/09/25 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2006/05/08 07:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software [2006/05/07 10:49:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2012/09/21 07:37:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/11/02 06:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake [2011/09/20 17:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic [2012/09/25 15:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/05/07 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2006/05/07 11:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2012/01/20 01:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Software 
[2008/03/01 15:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel [2008/03/03 11:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC [2012/11/18 12:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/01/14 20:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2 [2012/11/16 07:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i [2010/04/05 18:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity [2010/06/22 17:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/13 15:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/09/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jun\Application Data\TuneUp Software [2012/09/25 10:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jun\Application Data\Windows Desktop Search [2012/09/25 06:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Windows Desktop Search [2006/05/07 09:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Acronis [2009/08/03 09:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Amazon [2012/06/12 14:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\calibre [2012/07/09 14:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Canon [2009/11/01 18:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Costco Photo Organizer [2009/11/01 18:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Costco Photo Viewer US 
[2011/07/27 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\DDMSettings [2012/11/01 07:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Digiarty [2012/02/04 11:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Dropbox [2006/05/29 20:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\FileMaker [2011/02/10 09:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Free-backup.info [2009/07/17 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\GetRightToGo [2009/05/21 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\GrabPro [2007/01/18 13:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Image Zone Express [2006/05/07 09:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Leadertech [2009/04/10 08:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\LEGO Company [2011/09/20 17:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\MakeMusic [2007/05/06 08:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\MyPublisher [2008/11/30 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\OpenOffice.org [2012/07/23 19:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Oracle [2009/09/27 20:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Orbit [2012/11/15 08:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\PCToolsFirewallPlus [2007/01/18 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Printer Info Cache [2006/05/07 09:27:25 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\sharon\Application Data\Schoolhouse Technologies [2006/05/07 09:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Snapfish [2009/05/29 10:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Synthesia [2007/12/02 07:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\The Complete Genealogy Reporter - FTB [2012/09/21 07:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\TuneUp Software [2009/02/25 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Unity [2010/01/31 08:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\VoipStunt [2008/11/06 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\W Photo Studio Viewer [2012/05/20 15:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Windows Desktop Search [2012/07/08 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sharon\Application Data\Windows Search ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 < End of report >
  7. Sorry for the delay, I had stuff to attend to. So I did reboot and then ran the OTL like you said to but this time the PC Tools Firewall popped up and asked if I trusted the OTL program, when I clicked yes, all the icons disappeared from my desktop but I just left it alone thinking maybe it was running anyway? After about 6 hours I figured it probably wasn't so I just did a hard shutdown. So I guess I can't seem to run the OTL as it keeps "freezing". I'm willing to try again, but how do I know exactly that it is indeed freezing or if it's actually running, other than waiting for 6 hours or so? Thanks again for working with me! I really want to fix this, hubby and kids keep asking me why I don't just disable MalwareBytes
  8. I tried to close my Chrome browser while OTL was running and something froze, the mouse won't work anymore, I can still hear the hard disc being accessed though. It's been 3 and a half hours now. Do I just keep waiting? Is it supposed to take this long? I know I wasn't supposed to interrupt it, I didn't think closing a window counted as "interrupting"? I hope I didn't kill my computer....
  9. I keep getting a "Install IQ Updater" message. Should I uninstall that?
  10. MalwareBytes and SuperAntispyware are the only other ones
  11. I followed your recommendations in your Preventive Maintenance, I got rid of Symantec and installed Microsoft Essentials, I also installed PC Tools Firewall Plus
  12. Btw, when I looked at "System Restore" I noticed it was off, so I turned it on, is that ok? Or is it supposed to be off? And there was only one restore point, it was created today.
  13. I'm still not able to run an OTL quick scan, it starts and then freezes at "Scanning Firefox settings..."
  14. I'm not able to finish an OTL scan, keeps freezing when it gets to scanning Firefox...will reboot and try again.
  15. I just rebooted and I think I can open things now....weird. Will run the OTL now.
  16. Something's really wrong with my computer right now. I clicked on a picture and it couldn't open it and when I tried to run the OTL it said "The application failed to initialize properly (0xc0000017). Click on OK to terminate the application" I'm getting this message when I try to open a lot of programs...
  17. Oops! I just noticed that fix was for "open event" error code 2. I'll be quiet now.
  18. What do you think about this? I found it somewhere online... If You Know You Have Malware ... If you know you have malware running in your computer, it may be preventing Malwarebytes' Anti-Malware from starting normally. Usually, the main executable file is targeted: mbam.exe You can often get around this by renaming the mbam.exe file to something else, and then trying to run it again. Sometimes, any random name will do, and because of this, Malwarebytes offers a link to download a randomly named copy of mbam.exe: malwarebytes.org/mbam-download-exe-random.php Save the above randomly named file to one of the following locations, and run it from there: 64 Bit Systems: C:\Program Files (x86)\Malwarebytes' Anti-Malware 32 Bit Systems: C:\Program Files\Malwarebytes' Anti-Malware Unfortunately, some malware blocks almost ANY executable file from running (*.exe), but in my experience they will nevertheless allow either explorer.exe or iexplore.exe to run ... so if the random name does not work, try each of the above two names, and you may find yourself in business!
  19. Sigh, I just rebooted to test it and I got the dreaded error code 2 again, it says the same thing, Shell_NotifyIcon Failed to perform desired action. Error Code:2
  20. Ok, I just reinstalled MalwareBytes. Since the error codes were showing up "randomly", I will keep you posted if or when an error code shows up again, hopefully never! In the meantime, thank you so much for your help.
  21. Oops! Never mind my comment on Adobe Reader. I have Adobe Reader X