Posts posted by HemiGuy

  1. OK, the first time I copied/pasted that text in the window, it pasted all in one line. This time when I pasted it I hit Enter where the lines are supposed to be divided, and it looked like the original, and this is what came back. I also shut off ALL of my virus scanners and firewalls.

    All processes killed

    ========== FILES ==========

    C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.html moved successfully.

    C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe moved successfully.

    C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\Setup.exe moved successfully.

    C:\Users\Kat Cyganiak\Downloads\WinZip170.exe moved successfully.

    File\Folder [EmptyTemp] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 01242013_180137

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    My computer seems to be quite a bit faster

  2. It seems to be running OK, no BIG change. I don't know if it matters, but on the (processes killed) I still see the Google Chrome thing and FrostWire and MP3 convert things. ALL of these were deleted (uninstalled), but like I said, I am not THAT savvy. THANKS AGAIN!

    All processes killed

    Error: Unable to interpret <:FilesC:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.htmlC:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exeC:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exeC:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exeC:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exeC:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exeC:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exeC:\Users\Kat Cyganiak\Downloads\Setup.exeC:\Users\Kat Cyganiak\Downloads\WinZip170.exe[EmptyTemp]> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 01222013_204856

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  3. Sorry again, here's that log from ESET. WOW, the word Trojan is in there a lot!

    C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.html Win32/BHO.OEI trojan

    C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\1eae594e-6e4fce4c a variant of Java/Exploit.Agent.NEA trojan

    C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\34182e61-687a0d34 a variant of Java/TrojanDownloader.Agent.NBA trojan

    C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\67c420ef-552a2e2f a variant of Java/Exploit.CVE-2012-4681.CD trojan

    C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\10663c71-71541a46 a variant of Java/Exploit.Agent.NEA trojan

    C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\729f233f-3f2be397 a variant of Java/Exploit.Agent.NEA trojan

    C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application

    C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application

    C:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exe Win32/DownloadAdmin.D application

    C:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.BB application

    C:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exe Win32/Toolbar.SearchSuite application

    C:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exe multiple threats

    C:\Users\Kat Cyganiak\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application

    C:\Users\Kat Cyganiak\Downloads\WinZip170.exe a variant of Win32/OpenInstall application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP8AK6ME\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP8AK6ME\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application

  4. Sorry it took so long; my father is in the hospital, he has cancer. Anyway, here are the logs you asked for. There are two logs for the MBAM because I forgot to shut down McAfee the first time and it "QUARANTINED" the infected stuff. I keep noticing that this "FUNMOODS" SEARCH tab keeps popping up in the background of Google Chrome when my daughter uses it. (I HATE G.C.) So I uninstalled it. Don't know if that was cool or not. That FUNMOODS thing just wouldn't GO AWAY. If I "Fed" up, I'm sorry. I said I would follow directions, PLEASE don't blow me off now :(

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.15.02

    Windows Vista Service Pack 2 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Kat Cyganiak :: CYGANIAKS-PC [administrator]

    1/14/2013 7:26:25 PM

    mbam-log-2013-01-14 (19-26-25).txt

    Scan type: Full scan (C:\|D:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 552603

    Time elapsed: 2 hour(s), 57 minute(s), 19 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 6

    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.

    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.

    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.

    HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    (end)

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.15.02

    Windows Vista Service Pack 2 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Kat Cyganiak :: CYGANIAKS-PC [administrator]

    1/15/2013 6:50:06 PM

    mbam-log-2013-01-15 (18-50-06).txt

    Scan type: Full scan (C:\|D:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 552774

    Time elapsed: 1 hour(s), 36 minute(s), 11 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.4.2 (01.08.2013:1)

    OS: Windows Vista Home Premium x64

    Ran by Kat Cyganiak on Tue 01/15/2013 at 3:00:12.43

    Blog: http://thisisudax.blogspot.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\conduit

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

    Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar

    Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox.1

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1641676

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110211181102}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110211181102}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

    Successfully deleted: [Folder] "C:\ProgramData\trymedia"

    Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"

    Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\AppData\Roaming\funmoods"

    Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\AppData\Roaming\opencandy"

    Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\local\opencandy"

    Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\locallow\conduit"

    Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\locallow\datamngr"

    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\user.js

    Successfully deleted: [File] C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\searchplugins\search_results.xml

    Successfully deleted the following from C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\prefs.js

    user_pref("browser.search.order.1", "Search Results");

    user_pref("extensions.funmoods.aflt", "adknlg1y");

    user_pref("extensions.funmoods.autoRvrt", false);

    user_pref("extensions.funmoods.dfltLng", "");

    user_pref("extensions.funmoods.dfltSrch", true);

    user_pref("extensions.funmoods.dnsErr", true);

    user_pref("extensions.funmoods.envrmnt", "production");

    user_pref("extensions.funmoods.excTlbr", false);

    user_pref("extensions.funmoods.hmpg", true);

    user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtF

    user_pref("extensions.funmoods.id", "002564D74ED48B11");

    user_pref("extensions.funmoods.instlDay", "15713");

    user_pref("extensions.funmoods.instlRef", "adknlg1y");

    user_pref("extensions.funmoods.isdcmntcmplt", true);

    user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

    user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutB

    user_pref("extensions.funmoods.prdct", "funmoods");

    user_pref("extensions.funmoods.prtnrId", "funmoods");

    user_pref("extensions.funmoods.srchPrvdr", "Funmoods");

    user_pref("extensions.funmoods.tlbrId", "base");

    user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2Xzu

    user_pref("extensions.funmoods.vrsn", "1.5.23.22");

    user_pref("extensions.funmoods.vrsni", "1.5.23.22");

    user_pref("extensions.funmoods_i.newTab", true);

    user_pref("extensions.funmoods_i.smplGrp", "none");

    user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:40:58");

    Emptied folder: C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\minidumps [14 files]

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Tue 01/15/2013 at 3:08:01.14

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. OK, I did what you said to a "T" and both programs didn't run as you said they would. I shut down ALL of my McAfee and it was red. I got some error screenshots saying I had "processes running that may not allow ComboFix to work properly". Only on the ComboFix scan. But the report said it was still running. Maybe I'm reading it wrong and should just do what I'm told. Here are the 2 log reports.

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1011

    © Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_30

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

    CPU speed: 2.660000 GHz

    Memory total: 6432174080, free: 4173111296

    ------------ Kernel report ------------

    01/09/2013 23:22:31

    ------------ Loaded modules -----------

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk4\DR4

    Upper Device Object: 0xfffffa8007c0f060

    Upper Device Driver Name: \Driver\disk\

    Lower Device Name: \Device\00000072\

    Lower Device Object: 0xfffffa8008af6640

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    DriverEntry returned 0x0

    Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk3\DR3

    Upper Device Object: 0xfffffa8008719060

    Upper Device Driver Name: \Driver\disk\

    Lower Device Name: \Device\00000071\

    Lower Device Object: 0xfffffa8008af6060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk2\DR2

    Upper Device Object: 0xfffffa800871b060

    Upper Device Driver Name: \Driver\disk\

    Lower Device Name: \Device\00000070\

    Lower Device Object: 0xfffffa8008f2bb70

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa80085ad060

    Upper Device Driver Name: \Driver\disk\

    Lower Device Name: \Device\0000006f\

    Lower Device Object: 0xfffffa80086ca9b0

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80066c7060

    Upper Device Driver Name: \Driver\disk\

    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

    Lower Device Object: 0xfffffa8006427520

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    DriverEntry returned 0x0

    Function returned 0x0

    Downloaded database version: v2013.01.10.02

    Downloaded database version: v2013.01.04.01

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 3

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80066c7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80066920e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80066c7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

    DevicePointer: 0xfffffa800642b520, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8006427520, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

    ------------ End ----------

    Upper DeviceData: 0xfffff8800fc7b550, 0xfffffa80066c7060, 0xfffffa80196c9080

    Lower DeviceData: 0xfffff880123548c0, 0xfffffa8006427520, 0xfffffa80158748f0

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 22CF417C

    Partition information:

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 81920 Numsec = 30720000

    Partition 2 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 30801920 Numsec = 945969200

    Partition file system is NTFS

    Partition is bootable

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa80085ad060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8008538b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80085ad060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

    DevicePointer: 0xfffffa80086ca9b0, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 2, DevicePointer: 0xfffffa800871b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8008719b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800871b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

    DevicePointer: 0xfffffa8008f2bb70, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 3, DevicePointer: 0xfffffa8008719060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800871bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8008719060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

    DevicePointer: 0xfffffa8008af6060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 4, DevicePointer: 0xfffffa8007c0f060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007c272e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007c0f060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

    DevicePointer: 0xfffffa8008af6640, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Done!

    Performing system, memory and registry scan...

    Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll --> [PUP.215Apps]

    Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440244184402}\1.0\0\win32 --> [PUP.215Apps]

    Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll --> [PUP.215Apps]

    Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe --> [PUP.215Apps]

    Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe --> [PUP.215Apps]

    Infected: HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]

    Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]

    Infected: HKCU\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]

    Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]

    Infected: HKCU\SOFTWARE\INSTALLCORE\funmoods --> [PUP.FunMoods]

    Done!

    Scan finished

    Creating System Restore point...

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 3

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Removal scheduling successful. System shutdown needed.

    System shutdown occurred

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1011

    © Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_30

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

    CPU speed: 2.660000 GHz

    Memory total: 6432174080, free: 5185740800

    ComboFix 13-01-08.01 - Kat Cyganiak 01/10/2013 13:21:13.1.4 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4217 [GMT -6:00]

    Running from: c:\users\Kat Cyganiak\Desktop\ComboFix.exe

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Kat Cyganiak\AppData\Roaming\E2C539

    c:\users\Public\invokesi.exe

    c:\windows\security\Database\tmp.edb

    c:\windows\SysWow64\Cache

    c:\windows\SysWow64\Cache\272512937d9e61a4.fb

    c:\windows\SysWow64\Cache\287204568329e189.fb

    c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb

    c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb

    c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb

    c:\windows\SysWow64\Cache\3917078cb68ec657.fb

    c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb

    c:\windows\SysWow64\Cache\610289e025a3ee9a.fb

    c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb

    c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb

    c:\windows\SysWow64\Cache\6d03dad1035885d3.fb

    c:\windows\SysWow64\Cache\a8556537add6dfc5.fb

    c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb

    c:\windows\SysWow64\Cache\bc700ca0c660fd66.fb

    c:\windows\SysWow64\Cache\c1fa887b03019701.fb

    c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb

    c:\windows\SysWow64\Cache\d201ef9910cd39de.fb

    c:\windows\SysWow64\Cache\d2e94710a5708128.fb

    c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb

    c:\windows\SysWow64\Cache\f998975c9cc711ee.fb

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-10 19:33 . 2013-01-10 19:51 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\temp

    2013-01-10 19:33 . 2013-01-10 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-10 04:31 . 2013-01-10 04:31 -------- d-----w- C:\_OTL

    2013-01-10 04:29 . 2013-01-10 04:29 -------- d-----w- C:\skins

    2013-01-10 04:29 . 2013-01-10 04:29 -------- d-----w- C:\w

    2013-01-10 04:29 . 2013-01-10 04:29 -------- d-----w- C:\Cache

    2013-01-09 06:16 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll

    2013-01-09 06:16 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll

    2013-01-09 06:15 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys

    2013-01-09 06:15 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll

    2013-01-09 06:15 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll

    2013-01-09 06:15 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll

    2013-01-09 06:15 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll

    2013-01-09 06:15 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll

    2013-01-09 03:57 . 2013-01-09 04:00 -------- d-----w- c:\programdata\MFAData

    2013-01-09 03:57 . 2013-01-09 03:57 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\MFAData

    2013-01-09 03:57 . 2013-01-09 03:57 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\Avg2013

    2013-01-09 03:42 . 2005-03-12 06:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll

    2013-01-09 03:42 . 1998-06-24 06:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

    2013-01-09 03:42 . 2013-01-09 03:42 -------- d-----w- c:\program files (x86)\PDFCreator

    2013-01-09 03:42 . 1998-07-06 06:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL

    2013-01-09 03:41 . 2013-01-09 03:41 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\Shopping Sidekick Plugin

    2013-01-09 03:41 . 2013-01-10 08:19 -------- d-----w- c:\program files (x86)\Shopping Sidekick Plugin

    2013-01-09 03:41 . 2013-01-09 03:41 -------- d-----w- c:\users\Kat Cyganiak\AppData\Roaming\Funmoods

    2013-01-08 05:07 . 2013-01-08 05:07 -------- d-----w- c:\program files\ESET

    2013-01-07 22:12 . 2013-01-07 22:12 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

    2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- c:\programdata\Symantec

    2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- c:\windows\system32\drivers\NSSx64

    2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- c:\programdata\Norton

    2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- c:\program files (x86)\Norton Security Scan

    2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- c:\program files (x86)\NortonInstaller

    2013-01-07 12:07 . 2013-01-07 12:07 -------- d-----w- c:\users\Kat Cyganiak\AppData\Roaming\RealNetworks

    2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\program files (x86)\RealNetworks

    2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\programdata\RealNetworks

    2013-01-07 12:03 . 2013-01-07 12:03 -------- d-----w- c:\program files (x86)\Common Files\xing shared

    2013-01-07 12:02 . 2013-01-07 12:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2013-01-07 12:02 . 2013-01-07 12:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2013-01-07 11:59 . 2013-01-07 11:59 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\Real

    2013-01-07 11:09 . 2013-01-07 11:10 -------- d-----w- C:\FRST

    2013-01-07 05:00 . 2013-01-07 05:00 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\WinZip

    2013-01-07 04:59 . 2013-01-07 04:59 -------- d-----w- c:\programdata\WinZip

    2013-01-07 04:59 . 2013-01-07 04:59 -------- d-----w- c:\program files\WinZip

    2013-01-05 01:42 . 2013-01-05 02:11 -------- d-----w- c:\users\Kat Cyganiak\AppData\Local\McAfee File Lock

    2013-01-04 23:48 . 2013-01-04 23:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\McAfee File Lock

    2013-01-04 23:48 . 2012-05-28 16:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

    2012-12-21 16:00 . 2012-12-21 16:00 -------- d-----w- c:\users\Kat Cyganiak\AppData\Roaming\Malwarebytes

    2012-12-21 16:00 . 2012-12-21 16:00 -------- d-----w- c:\programdata\Malwarebytes

    2012-12-21 16:00 . 2013-01-04 06:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-12-21 16:00 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-21 14:48 . 2013-01-10 04:29 -------- d-----w- C:\e

    2012-12-21 14:48 . 2013-01-10 04:29 -------- d-----w- C:\Data

    2012-12-21 09:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 09:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 09:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 09:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-13 16:26 . 2012-12-13 16:27 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-12-13 16:21 . 2012-12-13 16:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-12-13 16:21 . 2012-12-13 16:21 -------- d-----w- c:\program files (x86)\QuickTime

    2012-12-13 09:01 . 2012-11-14 06:11 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-12-13 01:18 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll

    2012-12-13 01:18 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys

    2012-12-13 01:17 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-12-13 01:17 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-12-13 01:17 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll

    2012-12-13 01:17 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll

    2012-12-13 01:17 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll

    2012-12-13 01:17 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe

    2012-12-13 01:17 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-09 10:29 . 2012-03-29 13:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-01-09 10:29 . 2012-03-14 17:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-09 09:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe

    2012-11-09 12:40 . 2012-11-09 12:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

    2012-11-09 12:37 . 2011-12-06 23:44 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

    2012-11-09 12:37 . 2011-12-06 23:28 177680 ----a-w- c:\windows\system32\mfevtps.exe

    2012-11-09 12:35 . 2011-03-13 17:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

    2012-11-09 12:34 . 2012-11-09 12:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

    2012-11-09 12:34 . 2012-11-09 12:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

    2012-11-09 12:33 . 2012-11-09 12:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

    2012-11-02 07:46 . 2012-11-02 07:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys

    2012-11-02 07:46 . 2012-11-02 07:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

    2012-11-02 07:46 . 2012-11-02 07:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

    2012-10-19 15:51 . 2012-09-26 04:30 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

    2012-05-17 15:52 . 2012-11-18 07:17 172400 ----a-w- c:\program files (x86)\2pres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-11-26 1525088]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

    2009-11-20 08:22 2166296 ----a-w- c:\program files (x86)\eMusic\tbeMu1.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files (x86)\eMusic\tbeMu1.dll" [2009-11-20 2166296]

    .

    [HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]

    "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

    "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

    "YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-07 295072]

    .

    c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

    .

    c:\users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2010-3-20 95232]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]

    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    .

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    *Deregistered* - mfeavfk01

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    iissvcs REG_MULTI_SZ w3svc was

    apphost REG_MULTI_SZ apphostsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    Themes

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:29]

    .

    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 18:56]

    .

    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 18:56]

    .

    2013-01-09 c:\windows\Tasks\Norton Security Scan for Kat Cyganiak.job

    - c:\progra~2\NORTON~2\Engine\376~1.5\Nss.exe [2013-01-07 10:19]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

    2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

    2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"

    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

    2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-17 16308768]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/

    mStart Page = hxxp://www.yahoo.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = 192.168.*.*;<local>

    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

    Trusted Zone: internet

    Trusted Zone: mcafee.com

    Trusted Zone: real.com\rhap-app-4-0

    Trusted Zone: real.com\rhapreg

    TCP: DhcpNameServer = 192.168.1.254

    FF - ProfilePath - c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\

    FF - prefs.js: browser.search.selectedEngine - Secure Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

    FF - ExtSQL: 2013-01-03 11:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

    FF - ExtSQL: 2013-01-03 11:08; {4176DFF4-4698-11DE-BEEB-45DA55D89593}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi

    FF - ExtSQL: 2013-01-03 11:08; {3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}

    FF - ExtSQL: 2013-01-03 11:08; {2b5e07c4-cc81-4624-8936-820622afdbd5}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{2b5e07c4-cc81-4624-8936-820622afdbd5}.xpi

    FF - ExtSQL: 2013-01-03 11:08; twitter@disconnect.me; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\twitter@disconnect.me.xpi

    FF - ExtSQL: 2013-01-03 11:08; personas@christopher.beard; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\personas@christopher.beard.xpi

    FF - ExtSQL: 2013-01-03 11:08; chromeview@systemantics.net; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\chromeview@systemantics.net.xpi

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    FF - user.js: extensions.funmoods.hmpg - true

    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836

    FF - user.js: extensions.funmoods.dfltSrch - true

    FF - user.js: extensions.funmoods.srchPrvdr - Funmoods

    FF - user.js: extensions.funmoods.dnsErr - true

    FF - user.js: extensions.funmoods_i.newTab - true

    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836

    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836&q=

    FF - user.js: extensions.funmoods.id - 002564D74ED48B11

    FF - user.js: extensions.funmoods.instlDay - 15713

    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:40

    FF - user.js: extensions.funmoods.prtnrId - funmoods

    FF - user.js: extensions.funmoods.prdct - funmoods

    FF - user.js: extensions.funmoods.aflt - adknlg1y

    FF - user.js: extensions.funmoods_i.smplGrp - none

    FF - user.js: extensions.funmoods.tlbrId - base

    FF - user.js: extensions.funmoods.instlRef - adknlg1y

    FF - user.js: extensions.funmoods.dfltLng -

    FF - user.js: extensions.funmoods.excTlbr - false

    FF - user.js: extensions.funmoods.autoRvrt - false

    FF - user.js: extensions.funmoods.envrmnt - production

    FF - user.js: extensions.funmoods.isdcmntcmplt - true

    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{11111111-1111-1111-1111-110211181102} - c:\program files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll

    BHO-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

    Toolbar-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

    Toolbar-10 - (no file)

    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Kat Cyganiak\AppData\Local\Akamai\netsession_win.exe

    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

    Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe

    SafeBoot-WudfPf

    SafeBoot-WudfRd

    Toolbar-10 - (no file)

    WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file)

    HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

    @Denied: (Full) (RestrictedCode)

    @Denied: (Full) (LocalSystem)

    @Denied: (Full) (S-1-5-21-1443698480-2959366254-1151133129-1000)

    @Denied: (Full) (Administrators)

    .

    [HKEY_USERS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

    @Denied: (Full) (RestrictedCode)

    @Denied: (Full) (LocalSystem)

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4733"="Enable Suggested Sites"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4828"="Underline links"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4825"="Always"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4827"="Hover"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4826"="Never"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4874"="Enable third-party browser extensions"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4873"="Enable visual styles on buttons and controls in webpages"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4747"="Security"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6310"="Block unsecured images with other mixed content"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4750"="Empty Temporary Internet Files folder when browser is closed"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4749"="Do not save encrypted pages to disk"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4892"="Allow active content from CDs to run on My Computer"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4761"="Check for publisher's certificate revocation"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4762"="Check for signatures on downloaded programs"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6304"="Enable DOM Storage"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4891"="Allow active content to run in files on My Computer"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4863"="Enable Integrated Windows Authentication"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6019"="Enable memory protection to help mitigate online attacks"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-5365"="Enable SmartScreen Filter"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6006"="Allow software to run or install even if the signature is invalid"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4757"="Warn if changing between secure and not secure mode"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4759"="Warn about certificate address mismatch"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4752"="Use SSL 2.0"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4753"="Use SSL 3.0"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4760"="Check for server certificate revocation"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4758"="Warn if POST submittal is redirected to a zone that does not permit posts"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4754"="Use TLS 1.0"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6300"="Enable native XMLHTTP support"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4822"="HTTP 1.1 settings"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4823"="Use HTTP 1.1"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4824"="Use HTTP 1.1 through proxy connections"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6000"="International"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6002"="Send IDN server names"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6008"="Show Notification bar for encoded addresses"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6003"="Send IDN server names for Intranet addresses"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6007"="Always show encoded addresses"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6018"="Use UTF-8 for mailto links"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4839"="Send UTF-8 URLs"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4744"="Multimedia"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4922"="Enable alternative codecs in HTML5 media elements"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4741"="Play animations in webpages"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4871"="Enable automatic image resizing"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4742"="Show pictures"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4843"="Show image download placeholders"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4739"="Play sounds in webpages"

    "@c:\\Windows\\system32\\wmploc.dll,-1721"="Windows Media Player"

    "@c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.60531.0\\npctrlui.dll,-400"="Microsoft Silverlight"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4774"="ActiveX controls and plug-ins"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4775"="Run ActiveX controls and plug-ins"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4803"="Enable"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4806"="Administrator approved"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4805"="Disable"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4804"="Prompt"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4897"="Allow previously unused ActiveX controls to run without prompt"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4900"="Only allow approved domains to use ActiveX without prompt"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4899"="Display video and animation on a webpage that does not use external media player"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4889"="Automatic prompting for ActiveX controls"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4884"="Binary and script behaviors"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4776"="Download signed ActiveX controls"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4923"="Allow ActiveX Filtering"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4783"="Initialize and script ActiveX controls not marked as safe for scripting"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4780"="Allow Scriptlets"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4784"="Script ActiveX controls marked safe for scripting"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4777"="Download unsigned ActiveX controls"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4788"="User Authentication"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4790"="Logon"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4807"="Anonymous logon"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4808"="Prompt for user name and password"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4810"="Automatic logon only in Intranet zone"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4809"="Automatic logon with current user name and password"

    "@mscorier.dll,-1001"=".NET Framework-reliant components"

    "@mscorier.dll,-1006"="Run components signed with Authenticode"

    "@mscorier.dll,-1004"="Enable"

    "@mscorier.dll,-1003"="Disable"

    "@mscorier.dll,-1005"="Prompt"

    "@mscorier.dll,-1002"="Run components not signed with Authenticode"

    "@mscorier.dll,-1007"="Permissions for components with manifests"

    "@mscorier.dll,-1008"="High Safety"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4791"="Downloads"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4792"="File download"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4793"="Font download"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4794"="Miscellaneous"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4862"="Don't prompt for client certificate selection when only one certificate exists"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4785"="Access data sources across domains"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4796"="Drag and drop or copy and paste files"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4898"="Allow websites to open windows without address or status bars"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4797"="Submit non-encrypted form data"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4911"="Include local directory path when uploading files to a server"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4798"="Launching programs and files in an IFRAME"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4870"="Allow META REFRESH"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4885"="Enable MIME Sniffing"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4872"="Display mixed content"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4883"="Use Pop-up Blocker"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-5368"="Use SmartScreen Filter"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4890"="Allow webpages to use restricted protocols for active content"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4864"="Launching applications and unsafe files"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4855"="Navigate windows and frames across different domains"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4853"="Userdata persistence"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4879"="Allow scripting of Microsoft web browser control"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4887"="Allow script-initiated windows without size or position constraints"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4886"="Websites in less privileged web content zone can navigate into this zone"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4782"="Scripting"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4786"="Active scripting"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4787"="Scripting of Java applets"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4854"="Allow Programmatic clipboard access"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4912"="Allow websites to prompt for information using scripted windows"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4867"="Allow status bar updates via script"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4901"="Enable XSS filter"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6400"=".NET Framework"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6401"="Loose XAML"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6403"="XAML browser applications"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6402"="XPS documents"

    "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-5440"="Enable .NET Framework setup"

    "c:\\Program Files (x86)\\Jasc Software Inc\\Paint Shop Pro 7\\psp.exe"="Paint Shop Pro 7"

    "@c:\\Windows\\SysWOW64\\ieframe.dll,-914"="SVG Document"

    "@c:\\Program Files (x86)\\Common Files\\System\\wab32res.dll,-4602"="Contact file"

    "@c:\\Program Files (x86)\\Common Files\\system\\wab32res.dll,-10203"="Contact"

    "@c:\\Windows\\system32\\zipfldr.dll,-10195"="Compressed (zipped) Folder"

    "@c:\\Windows\\system32\\ieframe.dll,-904"="URL:HyperText Transfer Protocol with Privacy"

    "c:\\Program Files (x86)\\iTunes\\iTunes.exe"="iTunes"

    "c:\\Program Files (x86)\\Windows Calendar\\wincal.exe"="Windows Calendar"

    "@%ProgramFiles%\\Windows Live\\Photo Gallery\\regres.dll,-10;en-us.8051.1204"="Windows Live Photo Gallery"

    "@wmploc.dll,-102"="Windows Media Player"

    "c:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe"="Windows Media Player"

    "c:\\Program Files (x86)\\Windows NT\\Accessories\\WORDPAD.EXE"="WordPad"

    "@c:\\Windows\\system32\\ieframe.dll,-903"="URL:HyperText Transfer Protocol"

    "@c:\\Windows\\SysWOW64\\occache.dll,-1070"="Downloaded Program Files"

    "@c:\\Windows\\SysWOW64\\occache.dll,-1071"="Downloaded Program Files are ActiveX controls and Java applets downloaded automatically from the Internet when you view certain pages. They are temporarily stored in the Downloaded Program Files folder on your hard disk."

    "@c:\\Windows\\SysWOW64\\occache.dll,-1072"="&View Files"

    "@%systemroot%\\system32\\setupcln.dll,-1002"="Previous Windows installation(s)"

    "@%systemroot%\\system32\\setupcln.dll,-1003"="Files from a previous Windows installation. Files and folders that may conflict with the installation of Windows have been moved to folders named Windows.old. You can access data from the previous Windows installations in this folder."

    "@%SystemRoot%\\system32\\werfault.exe,-100"="System error memory dump files"

    "@%SystemRoot%\\system32\\werfault.exe,-101"="Remove system error memory dump files."

    "@%SystemRoot%\\system32\\werfault.exe,-102"="System error minidump files"

    "@%SystemRoot%\\system32\\werfault.exe,-103"="Remove system error minidump files."

    "@%systemroot%\\system32\\setupcln.dll,-1000"="Temporary Windows installation files"

    "@%systemroot%\\system32\\setupcln.dll,-1001"="Installation files used by Windows setup. These files are left over from the installation process and can be safely deleted."

    "@%systemroot%\\system32\\setupcln.dll,-1004"="Files discarded by Windows upgrade"

    "@%systemroot%\\system32\\setupcln.dll,-1005"="Files from a previous Windows installation. As a precaution, Windows upgrade keeps a copy of any files that were not moved to the new version of Windows and were not identified as Windows system files. If you are sure that no user's personal files are missing after the upgrade, you can delete these files."

    "@%SystemRoot%\\system32\\wer.dll,-297"="Per user archived Windows Error Reporting Files"

    "@%SystemRoot%\\system32\\wer.dll,-298"="Files used for error reporting and solution checking."

    "@%SystemRoot%\\system32\\wer.dll,-295"="Per user queued Windows Error Reporting Files"

    "@%SystemRoot%\\system32\\wer.dll,-296"="Files used for error reporting and solution checking."

    "@%SystemRoot%\\system32\\wer.dll,-301"="System archived Windows Error Reporting Files"

    "@%SystemRoot%\\system32\\wer.dll,-302"="Files used for error reporting and solution checking."

    "@%SystemRoot%\\system32\\wer.dll,-299"="System queued Windows Error Reporting Files"

    "@%SystemRoot%\\system32\\wer.dll,-300"="Files used for error reporting and solution checking."

    "@c:\\Windows\\system32\\filemgmt.dll,-2204"="Services"

    "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-3"="AIFF Audio File"

    "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-9"="MPEG Layer 2 Audio"

    "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-7"="M3U Audio Playlist"

    "c:\\Program Files (x86)\\QuickTime\\QuickTimePlayer.exe"="QuickTime Player"

    "c:\\Program Files (x86)\\Real\\RealPlayer\\RealPlay.exe"="RealPlayer"

    "@c:\\Windows\\System32\\gameux.dll,-10046"="Microsoft Games"

    "@c:\\Windows\\ehome\\ehepgres.dll,-277"="Recorded TV"

    "c:\\Program Files (x86)\\Microsoft Office\\Office12\\POWERPNT.EXE"="Microsoft Office PowerPoint"

    "c:\\Program Files (x86)\\Inkscape\\inkscape.exe"="Inkscape"

    "@c:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10111.0\\npctrlui.dll,-400"="Microsoft Silverlight"

    "@c:\\PROGRA~1\\MICROS~1\\PURBLE~1\\PurblePlace.exe,-112"="Purble Place"

    "@c:\\PROGRA~1\\MICROS~1\\Mahjong\\Mahjong.exe,-44419"="Mahjong Titans"

    "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-10"="MPEG Layer 3 Audio"

    "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-15"="WAVE Audio File"

    "c:\\Program Files\\Windows Photo Gallery\\WindowsPhotoGallery.exe"="Windows Photo Gallery"

    "@c:\\Windows\\SysWOW64\\ieframe.dll,-24585"="Cascading Style Sheet Document"

    "@c:\\Windows\\System32\\wshext.dll,-4804"="JScript Script File"

    "@c:\\Windows\\System32\\wshext.dll,-4802"="VBScript Script File"

    "c:\\Windows\\SysWOW64\\javaws.exe"="Java Web Start Launcher"

    "c:\\Program Files (x86)\\Microsoft Digital Image 2006\\pi.exe"="Microsoft Digital Image 2006 Editor"

    "c:\\PROGRA~2\\Rhapsody\\rhapsody.exe"="RealNetworks Rhapsody"

    "@c:\\Windows\\system32\\unregmp2.exe,-9991"="&Play"

    "c:\\Program Files\\WinZip\\WINZIP64.EXE"="WinZip"

    "@%ProgramFiles(x86)%\\Windows Live\\Photo Gallery\\regres.dll,-3077;en-us.8051.1204"="Icon"

    "@c:\\Windows\\system32\\mmcbase.dll,-130"="Microsoft Common Console Document"

    "@c:\\Windows\\System32\\msxml3r.dll,-2"="XSL Stylesheet"

    "@c:\\Windows\\System32\\msrating.dll,-3000"="Rating System File"

    "@c:\\Windows\\System32\\setupapi.dll,-2000"="Setup Information"

    "@c:\\Windows\\System32\\acppage.dll,-6003"="Windows Command Script"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Dell\DellDock\DockLogin.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

    .

    **************************************************************************

    .

    Completion time: 2013-01-10 13:55:10 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-01-10 19:55

    .

    Pre-Run: 404,320,927,744 bytes free

    Post-Run: 406,006,222,848 bytes free

    .

    - - End Of File - - B7157D4981E031E192808170A4BEA2CA

  6. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2013-01-09 17:59:54

    -----------------------------

    17:59:54.914 OS Version: Windows x64 6.0.6002 Service Pack 2

    17:59:54.914 Number of processors: 4 586 0x1E05

    17:59:54.914 ComputerName: CYGANIAKS-PC UserName: Kat Cyganiak

    17:59:58.861 Initialize success

    18:00:14.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    18:00:14.154 Disk 0 Vendor: ST3500418AS CC44 Size: 476940MB BusType: 3

    18:00:14.170 Disk 0 MBR read successfully

    18:00:14.185 Disk 0 MBR scan

    18:00:14.185 Disk 0 Windows VISTA default MBR code

    18:00:14.185 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

    18:00:14.185 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920

    18:00:14.201 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920

    18:00:14.232 Disk 0 scanning C:\Windows\system32\drivers

    18:00:17.571 Service scanning

    18:00:27.336 Modules scanning

    18:00:27.336 Disk 0 trace - called modules:

    18:00:27.367 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

    18:00:27.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066ca060]

    18:00:27.383 3 CLASSPNP.SYS[fffffa60010bcc33] -> nt!IofCallDriver -> [0xfffffa800642c520]

    18:00:27.383 5 acpi.sys[fffffa60008ddfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006429060]

    18:00:27.383 Scan finished successfully

    18:01:29.908 Disk 0 MBR has been saved successfully to "C:\Users\Kat Cyganiak\Desktop\MBR.dat"

    18:01:29.923 The log file has been saved successfully to "C:\Users\Kat Cyganiak\Desktop\aswMBR.txt"

  7. OTL Extras logfile created on: 1/9/2013 4:09:33 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kat Cyganiak\Desktop

    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.40% Memory free

    12.09 Gb Paging File | 9.92 Gb Available in Paging File | 82.02% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 451.07 Gb Total Space | 314.00 Gb Free Space | 69.61% Space Free | Partition Type: NTFS

    Drive D: | 14.65 Gb Total Space | 5.72 Gb Free Space | 39.08% Space Free | Partition Type: NTFS

    Computer Name: CYGANIAKS-PC | User Name: Kat Cyganiak | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    "VistaSp2" = 01 D5 7A EC AB 5F CA 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "oobe_av" = 1

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64

    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

    "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java 6 Update 13 (64-bit)

    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

    "{655107BA-F557-4B0E-B344-BA1C85B08488}" = Motorola Mobile Drivers Installation 4.8.0

    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

    "{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud

    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

    "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6

    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 30

    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

    "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning

    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor

    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning

    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library

    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

    "{7860ADB4-6A16-4245-B956-4DCCA6B371CF}" = Frontline Excel Solvers V11.0

    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2

    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

    "{C25D3128-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp

    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition

    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

    "{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center

    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content

    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6

    "AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration

    "AudibleDownloadManager" = Audible Download Manager

    "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager

    "dcmsvc_is1" = dcmsvc 1.0

    "eMusic Toolbar" = eMusic Toolbar

    "FrostWire" = FrostWire 4.21.8

    "Google Chrome" = Google Chrome

    "HOMESTUDENTR" = Microsoft Office Home and Student 2007

    "Inkscape" = Inkscape 0.48.2

    "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

    "McAfee Security Scan" = McAfee Security Scan Plus

    "MegaStat Excel 2007" = MegaStat Excel 2007

    "MotoHelper" = MotoHelper 2.0.34 Driver 4.8.0

    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "MSC" = McAfee Total Protection

    "NSS" = Norton Security Scan

    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006

    "RealPlayer 16.0" = RealPlayer

    "Rhapsody" = Rhapsody

    "Shopping Sidekick Plugin" = Shopping Sidekick Plugin

    "webmmf" = WebM Media Foundation Components

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "Yahoo! Companion" = Yahoo! Toolbar

    "Yahoo! Mail" = Yahoo! Internet Mail

    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor

    "Yahoo! Search Defender" = Yahoo! Search Protection

    "Yahoo! Software Update" = Yahoo! Software Update

    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 10/19/2012 8:20:39 PM | Computer Name = Cyganiaks-PC | Source = MsiInstaller | ID = 11606

    Description =

    Error - 10/19/2012 8:20:39 PM | Computer Name = Cyganiaks-PC | Source = MsiInstaller | ID = 11606

    Description =

    Error - 10/21/2012 11:47:13 AM | Computer Name = Cyganiaks-PC | Source = Application Hang | ID = 1002

    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting

    with Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Problem Reports and Solutions control panel. Process

    ID: 1bfc Start Time: 01cdaf95ed894a77 Termination Time: 79

    Error - 10/23/2012 12:57:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application MotoHelperAgent.exe, version 2.0.34.0, time stamp

    0x4cc216d4, faulting module IEBHO.dll_unloaded, version 0.0.0.0, time stamp 0x507aa066,

    exception code 0xc0000005, fault offset 0x6ac406f0, process id 0xf48, application

    start time 0x01cdae5816d1648f.

    Error - 10/23/2012 12:57:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application msnmsgr.exe, version 14.0.8050.1202, time stamp

    0x493623f7, faulting module IEBHO.dll_unloaded, version 0.0.0.0, time stamp 0x507aa066,

    exception code 0xc0000005, fault offset 0x6ac406f0, process id 0xf10, application

    start time 0x01cdae5826941f2f.

    Error - 10/23/2012 12:57:46 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp

    0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066,

    exception code 0xc0000005, fault offset 0x0001bcbf, process id 0xdc4, application

    start time 0x01cdb13f626d270f.

    Error - 10/23/2012 12:58:41 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp

    0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066,

    exception code 0xc0000005, fault offset 0x0001bcbf, process id 0x1a84, application

    start time 0x01cdb13dcf5aacc7.

    Error - 10/23/2012 1:01:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp

    0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066,

    exception code 0xc0000005, fault offset 0x0001bcbf, process id 0x14f4, application

    start time 0x01cdb13db5b5b3f7.

    Error - 10/23/2012 6:28:22 PM | Computer Name = Cyganiaks-PC | Source = Application Hang | ID = 1002

    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting

    with Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Problem Reports and Solutions control panel. Process

    ID: 1030 Start Time: 01cdb16da4f3dbef Termination Time: 31

    Error - 10/23/2012 6:35:28 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000

    Description = Faulting application nvvsvc.exe, version 8.15.11.8595, time stamp

    0x4a0fba70, faulting module NVSVC64.DLL, version 8.15.11.8595, time stamp 0x4a0fba6b,

    exception code 0xc0000005, fault offset 0x000000000000408b, process id 0x4c4, application

    start time 0x01cdb16ea8359ea4.

    [ OSession Events ]

    Error - 6/6/2010 3:52:10 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 459

    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 3/20/2011 7:20:39 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5270

    seconds with 900 seconds of active time. This session ended with a crash.

    Error - 2/25/2012 6:07:15 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4682

    seconds with 2220 seconds of active time. This session ended with a crash.

    Error - 2/29/2012 8:41:12 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65

    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 12/18/2012 10:49:33 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3162

    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 1/7/2013 11:20:40 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7678

    seconds with 4080 seconds of active time. This session ended with a crash.

    [ System Events ]

    Error - 1/9/2013 4:12:15 PM | Computer Name = Cyganiaks-PC | Source = DCOM | ID = 10010

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7023

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7003

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7003

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7026

    Description =

    Error - 1/9/2013 4:38:07 PM | Computer Name = Cyganiaks-PC | Source = WMPNetworkSvc | ID = 866293

    Description =

    Error - 1/9/2013 4:38:54 PM | Computer Name = Cyganiaks-PC | Source = WMPNetworkSvc | ID = 866293

    Description =

    < End of report >

  8. Here are all the logs you asked for. THANK YOU SO much for your help. When I tried to "POST" an "ERROR OCCURRED post too long" happened so I will post them separately.

    OTL logfile created on: 1/9/2013 4:09:33 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kat Cyganiak\Desktop

    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.40% Memory free

    12.09 Gb Paging File | 9.92 Gb Available in Paging File | 82.02% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 451.07 Gb Total Space | 314.00 Gb Free Space | 69.61% Space Free | Partition Type: NTFS

    Drive D: | 14.65 Gb Total Space | 5.72 Gb Free Space | 39.08% Space Free | Partition Type: NTFS

    Computer Name: CYGANIAKS-PC | User Name: Kat Cyganiak | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/09 16:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe

    PRC - [2013/01/08 21:41:42 | 000,945,152 | ---- | M] (215 Apps) -- C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe

    PRC - [2013/01/07 06:02:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

    PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    PRC - [2012/11/26 05:14:06 | 000,213,344 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbb.exe

    PRC - [2012/10/18 17:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE

    PRC - [2012/09/05 09:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

    PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    PRC - [2010/10/22 16:57:40 | 000,210,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

    PRC - [2010/10/22 16:57:26 | 000,660,800 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

    PRC - [2010/10/19 12:09:04 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

    PRC - [2010/03/20 14:58:42 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

    PRC - [2009/07/17 15:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    PRC - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    PRC - [2009/05/08 04:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

    PRC - [2009/04/07 12:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

    PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    ========== Modules (No Company Name) ==========

    MOD - [2013/01/09 03:37:47 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll

    MOD - [2013/01/09 03:35:10 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\439eccf3a1fb34830a0a38cdf48afa08\System.Web.Services.ni.dll

    MOD - [2013/01/09 03:34:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll

    MOD - [2013/01/09 03:34:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll

    MOD - [2013/01/09 03:34:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll

    MOD - [2013/01/09 03:34:31 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

    MOD - [2013/01/09 03:33:48 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

    MOD - [2013/01/09 03:33:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2010/10/22 16:57:26 | 000,660,800 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

    MOD - [2010/03/20 14:58:42 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

    MOD - [2009/07/07 09:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

    MOD - [2009/07/07 09:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

    MOD - [2009/07/07 09:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

    MOD - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    MOD - [2009/07/07 09:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

    MOD - [2009/07/07 09:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

    MOD - [2009/04/07 12:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

    SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

    SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

    SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)

    SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)

    SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)

    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

    SRV:64bit: - [2009/03/31 13:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

    SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

    SRV:64bit: - [2008/01/20 20:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)

    SRV:64bit: - [2007/06/07 01:50:32 | 000,567,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbtcoms.exe -- (dlbt_device)

    SRV - [2013/01/09 04:29:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2012/12/07 22:09:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

    SRV - [2012/09/05 09:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)

    SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

    SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

    SRV - [2010/10/22 16:57:40 | 000,210,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

    SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2010/02/20 17:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

    SRV - [2009/06/26 10:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)

    SRV - [2009/04/11 00:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

    DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

    DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

    DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

    DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

    DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

    DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mfencbdc.sys -- (mfencbdc)

    DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mfencrk.sys -- (mfencrk)

    DRV:64bit: - [2012/10/19 09:51:50 | 000,074,120 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)

    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

    DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter)

    DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

    DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

    DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

    DRV:64bit: - [2009/06/18 08:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)

    DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

    DRV:64bit: - [2009/05/20 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

    DRV:64bit: - [2009/05/11 23:19:20 | 000,081,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

    DRV:64bit: - [2009/05/08 11:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motodrv.sys -- (MotDev)

    DRV:64bit: - [2009/04/06 19:25:08 | 000,292,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)

    DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

    DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    DRV - [2009/06/26 09:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms}

    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKLM\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.)

    IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms}

    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKCU\..\SearchScopes\{1514BC5F-681F-4FED-83C5-7AE89459354C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8

    IE - HKCU\..\SearchScopes\{43AF21D6-884C-47A2-8F8F-5EF6465AE905}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms}

    IE - HKCU\..\SearchScopes\{E0FA9551-4AE2-453F-A45E-285EF0F281A5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultEngine: "Yahoo"

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

    FF - prefs.js..browser.search.order.1: "Search Results"

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"

    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"

    FF - prefs.js..browser.search.param.yahoo-type: ""

    FF - prefs.js..browser.search.selectedEngine: "Secure Search"

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613

    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0

    FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1

    FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37

    FF - prefs.js..extensions.enabledAddons: %7B3e0c7f3a-3f50-4730-beb5-4a9a10e2831c%7D:6.9

    FF - prefs.js..extensions.enabledAddons: %7B2b5e07c4-cc81-4624-8936-820622afdbd5%7D:1.0

    FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2

    FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2

    FF - prefs.js..extensions.enabledAddons: chromeview%40systemantics.net:0.2.2

    FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found

    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/21 03:18:02 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/07 06:03:57 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/07 06:03:57 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 10:21:35 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/04 20:03:41 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 10:21:35 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/11/28 23:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Extensions

    [2013/01/08 23:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions

    [2013/01/03 11:08:26 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}

    [2012/12/06 18:23:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [2013/01/03 11:08:26 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\chromeview@systemantics.net.xpi

    [2013/01/03 11:08:26 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\personas@christopher.beard.xpi

    [2013/01/03 11:08:26 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\twitter@disconnect.me.xpi

    [2013/01/03 11:08:26 | 000,009,599 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{2b5e07c4-cc81-4624-8936-820622afdbd5}.xpi

    [2013/01/03 11:08:23 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi

    [2013/01/03 11:08:23 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

    [2012/10/14 23:28:26 | 000,002,687 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\searchplugins\Search_Results.xml

    [2012/12/07 22:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/12/21 03:18:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

    [2012/12/06 18:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    [2012/12/07 22:09:08 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/08/29 15:58:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/12/26 22:00:46 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

    [2012/10/14 23:28:26 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

    [2012/10/11 21:30:39 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

    CHR - homepage: http://www.google.com

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

    CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

    CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

    CHR - Extension: Angry Birds = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

    CHR - Extension: Shopping Sidekick Plugin = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\crossrider

    CHR - Extension: Shopping Sidekick Plugin = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\

    CHR - Extension: SiteAdvisor = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\

    CHR - Extension: RealDownloader = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

    CHR - Extension: Cath Kidston = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\

    CHR - Extension: Cut The Rope = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmiihfojalcnahgflekehmhbnlandb\1.0.1_0\

    CHR - Extension: Angry Birds Wonderful Pistachios HD = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\olacfkfcglkclgojodocdaladnipiigo\1.0_0\

    O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)

    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found

    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (eMusic Toolbar) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.)

    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found

    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

    O3 - HKLM\..\Toolbar: (eMusic Toolbar) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (eMusic Toolbar) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.)

    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()

    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

    O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Kat Cyganiak\AppData\Local\Akamai\netsession_win.exe" File not found

    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found

    O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)

    O4 - Startup: C:\Users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    O4 - Startup: C:\Users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.0)

    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.0)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D26857BB-2F49-4A2F-B6B1-4062C58553CB}: DhcpNameServer = 192.168.1.254

    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

    O20 - AppInit_DLLs: (C:\Windows\system32\d3d8thk32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\cdosys32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dmime32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\cryptsvc32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dxmasf32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dllfxteu32.dll) - File not found

    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dllfxteu32.dllijapy3o32.dll) - File not found

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg

    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg

    O32 - HKLM CDRom: AutoRun - 1

    O33 - MountPoints2\{0e2008ad-c71e-11de-ba31-002564d74ed4}\Shell - "" = AutoRun

    O33 - MountPoints2\{0e2008ad-c71e-11de-ba31-002564d74ed4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

    O33 - MountPoints2\L\Shell - "" = AutoRun

    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/09 16:06:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe

    [2013/01/09 15:04:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.com

    [2013/01/09 15:03:39 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.scr

    [2013/01/09 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\Desktop\HELP! how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum_files

    [2013/01/09 00:16:26 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

    [2013/01/09 00:15:48 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll

    [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\MFAData

    [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

    [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Avg2013

    [2013/01/08 21:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

    [2013/01/08 21:42:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX

    [2013/01/08 21:42:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL

    [2013/01/08 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator

    [2013/01/08 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Shopping Sidekick Plugin

    [2013/01/08 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin

    [2013/01/08 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\Funmoods

    [2013/01/08 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\Desktop\RK_Quarantine

    [2013/01/07 23:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

    [2013/01/07 23:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

    [2013/01/07 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

    [2013/01/07 06:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

    [2013/01/07 06:48:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan

    [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64

    [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan

    [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

    [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307060.005

    [2013/01/07 06:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

    [2013/01/07 06:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

    [2013/01/07 06:07:33 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\RealNetworks

    [2013/01/07 06:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks

    [2013/01/07 06:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

    [2013/01/07 06:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

    [2013/01/07 06:03:20 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

    [2013/01/07 06:03:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

    [2013/01/07 06:03:01 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

    [2013/01/07 06:02:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

    [2013/01/07 06:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

    [2013/01/07 05:59:53 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Real

    [2013/01/07 05:09:56 | 000,000,000 | ---D | C] -- C:\FRST

    [2013/01/06 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\WinZip

    [2013/01/06 22:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

    [2013/01/06 22:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

    [2013/01/06 22:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

    [2013/01/04 19:42:35 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\McAfee File Lock

    [2013/01/04 17:48:26 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys

    [2012/12/21 10:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\Malwarebytes

    [2012/12/21 10:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/12/21 10:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/12/21 10:00:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/12/21 10:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/12/21 08:48:34 | 000,000,000 | ---D | C] -- C:\e

    [2012/12/21 08:48:33 | 000,000,000 | ---D | C] -- C:\Data

    [2012/12/21 03:00:17 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

    [2012/12/21 03:00:17 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

    [2012/12/21 03:00:17 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

    [2012/12/21 03:00:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

    [2012/12/13 10:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

    [2012/12/13 10:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    [2012/12/13 10:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    [2012/12/13 10:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

    [2012/12/13 03:02:54 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

    [2012/12/13 03:02:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

    [2012/12/13 03:02:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll

    [2012/12/13 03:02:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

    [2012/12/13 03:02:51 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

    [2012/12/13 03:02:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

    [2012/12/13 03:02:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

    [2012/12/13 03:02:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2012/12/13 03:02:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2012/12/13 03:02:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2012/12/13 03:02:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2012/12/13 03:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2012/12/13 03:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2012/12/13 03:02:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2012/12/13 03:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2012/12/13 03:01:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2012/12/13 03:01:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2012/12/13 03:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2012/12/13 03:01:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

    [2012/12/13 03:01:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2012/12/13 03:01:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2012/12/13 03:01:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

    [2012/12/12 19:18:28 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

    [2012/12/12 19:17:42 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

    [2012/12/12 19:17:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

    [2012/12/12 19:17:42 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll

    [2012/12/12 19:17:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe

    [2012/12/12 19:17:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe

    [2009/12/02 16:53:59 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Kat Cyganiak\AppData\Roaming\DataSafeDotNet.exe

    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/09 16:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe

    [2013/01/09 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2013/01/09 15:23:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2013/01/09 15:04:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.com

    [2013/01/09 15:03:39 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.scr

    [2013/01/09 14:40:25 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.dat

    [2013/01/09 14:40:25 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.001

    [2013/01/09 14:38:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2013/01/09 14:36:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2013/01/09 14:36:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2013/01/09 14:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2013/01/09 13:35:20 | 000,301,945 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\HELP! how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum.htm

    [2013/01/09 04:29:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2013/01/09 04:29:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2013/01/09 03:29:53 | 004,948,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2013/01/09 03:09:08 | 000,731,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2013/01/09 03:09:08 | 000,613,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2013/01/09 03:09:08 | 000,107,806 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2013/01/08 18:29:14 | 000,000,928 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\RogueKillerX64 - Shortcut.lnk

    [2013/01/08 02:05:30 | 000,000,588 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\notepad - Shortcut.lnk

    [2013/01/08 02:01:26 | 000,037,376 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2013/01/07 17:41:42 | 000,000,709 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\eset_smart_security_live_installer - Shortcut.lnk

    [2013/01/07 17:37:54 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kat Cyganiak.job

    [2013/01/07 06:48:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

    [2013/01/07 06:04:11 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

    [2013/01/07 06:03:20 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

    [2013/01/07 06:03:01 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

    [2013/01/07 06:03:01 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

    [2013/01/07 06:02:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

    [2013/01/07 05:09:38 | 000,000,567 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\FRST64 - Shortcut.lnk

    [2013/01/07 04:10:52 | 000,000,594 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\RogueKiller - Shortcut.lnk

    [2013/01/07 03:07:11 | 000,003,355 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\pspbrwse.jbf

    [2013/01/07 01:35:58 | 000,000,866 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\mbam-chameleon - Shortcut.lnk

    [2013/01/06 22:59:34 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

    [2013/01/06 22:59:34 | 000,001,802 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

    [2013/01/04 00:37:29 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/12/21 09:21:57 | 401,129,403 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2012/12/21 09:14:14 | 000,751,078 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.bmp

    [2012/12/21 09:14:02 | 000,018,252 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\sound.mp3

    [2012/12/21 09:13:57 | 000,114,890 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.jpg

    [2012/12/16 07:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

    [2012/12/16 07:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

    [2012/12/16 05:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

    [2012/12/16 04:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/12/13 10:29:34 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

    [2012/12/13 10:27:44 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/12/13 10:21:23 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    [2012/12/13 10:19:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

    [2012/12/13 10:19:16 | 000,001,866 | ---- | M] () -- C:\Users\Kat Cyganiak\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/09 13:35:18 | 000,301,945 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\HELP! how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum.htm

    [2013/01/08 21:42:32 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll

    [2013/01/08 18:29:14 | 000,000,928 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\RogueKillerX64 - Shortcut.lnk

    [2013/01/08 02:05:30 | 000,000,588 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\notepad - Shortcut.lnk

    [2013/01/07 17:41:42 | 000,000,709 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\eset_smart_security_live_installer - Shortcut.lnk

    [2013/01/07 06:48:22 | 000,000,462 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Kat Cyganiak.job

    [2013/01/07 06:48:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

    [2013/01/07 06:48:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307060.005\isolate.ini

    [2013/01/07 06:04:11 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

    [2013/01/07 05:09:38 | 000,000,567 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\FRST64 - Shortcut.lnk

    [2013/01/07 04:10:52 | 000,000,594 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\RogueKiller - Shortcut.lnk

    [2013/01/07 03:07:11 | 000,003,355 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\pspbrwse.jbf

    [2013/01/07 01:35:58 | 000,000,866 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\mbam-chameleon - Shortcut.lnk

    [2013/01/06 22:59:34 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

    [2013/01/06 22:59:33 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

    [2013/01/04 17:47:53 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf

    [2013/01/04 17:47:51 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf

    [2012/12/31 13:19:07 | 000,079,428 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\sarah.jpg

    [2012/12/21 10:00:19 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/12/21 09:21:57 | 401,129,403 | ---- | C] () -- C:\Windows\MEMORY.DMP

    [2012/12/21 09:14:14 | 000,751,078 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.bmp

    [2012/12/21 09:14:02 | 000,018,252 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\sound.mp3

    [2012/12/21 09:13:56 | 000,114,890 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.jpg

    [2012/12/13 10:21:23 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    [2012/12/13 03:03:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

    [2012/12/13 03:03:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

    [2012/11/28 23:27:48 | 000,079,916 | ---- | C] () -- C:\ProgramData\nvModes.001

    [2012/11/18 01:17:05 | 000,172,400 | ---- | C] () -- C:\Program Files (x86)\2pres.dll

    [2012/04/24 15:39:30 | 000,000,218 | ---- | C] () -- C:\Users\Kat Cyganiak\.recently-used.xbel

    [2011/10/23 15:02:40 | 000,000,702 | ---- | C] () -- C:\Windows\HEGAMES.INI

    [2011/10/19 13:39:15 | 000,099,350 | ---- | C] () -- C:\Users\Kat Cyganiak\New document 1.2011_10_19_14_39_15.0.svg

    [2011/09/15 22:27:17 | 000,000,016 | ---- | C] () -- C:\Windows\RealityFusion.ini

    [2010/12/28 22:41:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    [2010/12/15 12:40:44 | 000,000,380 | ---- | C] () -- C:\Users\Kat Cyganiak\Documents - Shortcut.lnk

    [2010/09/26 08:50:24 | 000,024,247 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\UserTile.png

    [2010/04/17 23:06:53 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    [2010/02/10 06:08:52 | 000,001,356 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Local\d3d9caps.dat

    [2009/12/02 01:02:11 | 000,870,128 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\mcs.rma

    [2009/12/02 01:02:11 | 000,000,004 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\E2C539

    [2009/11/02 14:10:30 | 000,037,376 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2009/10/14 17:26:26 | 000,079,916 | ---- | C] () -- C:\ProgramData\nvModes.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >

  9. Hi, I've kinda been following other threads about how to handle these Trojans and what they can do. I also understand that each case is unique so I would appreciate your help. I already have downloaded the necessary virus programs but ran ONLY my Malwarebytes and Chameleon, my McAfee (which I don't understand what I'm paying for if it can't catch these things), Rogue Killer, and Farbar. The only anti-virus that I've downloaded to my desktop but have NOT run is Combo-fix. I have ALL log files on hand but PLEASE let me know if I'm ahead of myself or not following your instruction. I REALLY want my computer clean and I WILL donate via Paypal after we're done. THANK YOU in advance. Here is the RK log identifying the Rans. gendarm trojan; I, however, could not find any evidence of the ZeroAccess Trojan. Please advise.

    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

    Started in : Normal mode

    User : Kat Cyganiak [Admin rights]

    Mode : Scan -- Date : 01/07/2013 06:08:28

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 16 ¤¤¤

    [RUN][Rans.Gendarm] HKUS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes[...]\Run : Update (rundll32.exe "C:\Users\Kat Cyganiak\AppData\Roaming\Elluminate\Elluminate\mijimxh.dll",DllRegisterServer) -> FOUND

    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : SymInstallStub (C:\Users\KATCYG~1\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=5 /affid=rplr /desktopshortcut=1 /startmenushortcut=1 /launchedby=3) -> FOUND

    [TASK][SUSP PATH] Norton Product InstallerIdle.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 -> FOUND

    [TASK][SUSP PATH] Norton Product Installer.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND

    [TASK][SUSP PATH] Norton Product Installer : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND

    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    -> D:\windows\system32\config\SOFTWARE

    -> D:\windows\system32\config\SYSTEM

    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ Infection : Rans.Gendarm ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500418AS ATA Device +++++

    --- User ---

    [MBR] eb6d0d160b40dc281d5f2801a0252f33

    [BSP] 7dd49a80c8617bcaaa65ef71a28057c9 : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!

    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!

    +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!

    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[2]_S_01072013_02d0608.txt >>

    RKreport[1]_S_01072013_02d0413.txt ; RKreport[2]_S_01072013_02d0608.txt
