Hi.

I've seen some wonderful guidance on this forum and would love some assistance myself.

My laptop contracted 'Vista Anti-virus 2011' last night. I renamed mbam to winlogon as recommended in one of the forums and ran the quick scan. It found 5 trojans but said it couldn't remove everything. Upon restart, there was a warning that some startup programs were blocked.

I know it is not right yet. What should I do next?

Thanks!!

Here's the log from the quick scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6239

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

4/1/2011 10:51:32 AM

mbam-log-2011-04-01 (10-51-32).txt

Scan type: Quick scan

Objects scanned: 155086

Time elapsed: 25 minute(s), 12 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

c:\Users\scrap mamma\AppData\Local\nag.exe (Trojan.Agent) -> 4072 -> Failed to unload process.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Scrap Mamma\AppData\Local\nag.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\scrap mamma\AppData\Local\nag.exe (Trojan.Agent) -> Delete on reboot.

c:\Users\scrap mamma\local settings\application data\nag.exe (Trojan.Agent) -> Delete on reboot.


Welcome to the forum, please do this.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Hi MrC,

Thank you for taking my case!

I ran the scan twice since I neglected to check the "Scan All Users" box. Here are the two logs from the second scan (all users):

OTL:

OTL logfile created on: 4/1/2011 2:36:02 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scrap Mamma\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 287.00 Mb Available Physical Memory | 28.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 73.06 Gb Total Space | 22.15 Gb Free Space | 30.32% Space Free | Partition Type: NTFS

Drive E: | 7.39 Gb Total Space | 5.38 Gb Free Space | 72.75% Space Free | Partition Type: FAT32

Computer Name: SCRAPMAMMA-PC | User Name: Scrap Mamma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 14:19:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scrap Mamma\Desktop\OTL.exe

PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe

PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

PRC - [2010/12/16 09:11:52 | 001,195,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/11/12 15:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

PRC - [2010/11/12 15:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe

PRC - [2010/09/04 14:09:24 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe

PRC - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/11/19 12:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

PRC - [2009/09/08 16:38:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/07/26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2007/07/06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2007/05/18 03:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2007/04/24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe

PRC - [2007/03/22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007/02/05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

PRC - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe

PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2006/10/12 15:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/04/01 14:19:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scrap Mamma\Desktop\OTL.exe

MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2009/04/10 23:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)

SRV - [2010/11/12 15:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/11/12 15:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/09/04 14:09:24 | 000,171,168 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/04/14 17:47:40 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/04/08 03:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/11/19 12:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/07/26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/02/05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

========== Driver Services (SafeList) ==========

DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/11/12 15:17:32 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/11/12 15:17:32 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/11/12 15:17:32 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2010/11/12 15:17:32 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/11/12 15:17:32 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/11/12 15:17:32 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/11/12 15:17:32 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2010/11/12 15:17:32 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/11/12 15:17:32 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)

DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/12/14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/09 14:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/09 14:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/09/27 20:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)

DRV - [2006/09/19 10:46:00 | 000,016,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\TdeIo.sys -- (TDEIO)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4063447370-325741818-838287236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page

IE - HKU\S-1-5-21-4063447370-325741818-838287236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4063447370-325741818-838287236-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-4063447370-325741818-838287236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "WorldCat"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/28 17:31:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 11:04:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 09:41:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/05 12:46:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/02 15:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Extensions

[2010/01/02 15:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/03/31 21:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Firefox\Profiles\7zub8nak.default\extensions

[2010/04/28 09:29:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Firefox\Profiles\7zub8nak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/17 14:58:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Firefox\Profiles\7zub8nak.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/12/25 22:42:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Firefox\Profiles\7zub8nak.default\extensions\en-US@dictionaries.addons.mozilla(36).org

[2011/03/31 09:48:29 | 000,001,278 | ---- | M] () -- C:\Users\Scrap Mamma\AppData\Roaming\Mozilla\Firefox\Profiles\7zub8nak.default\searchplugins\worldcat.xml

[2011/03/09 16:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/27 11:43:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/07 11:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/18 10:02:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/09 15:56:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/09 16:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/03/28 17:31:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2009/09/08 16:39:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2010/11/12 15:17:32 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101208100434.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4063447370-325741818-838287236-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4063447370-325741818-838287236-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Scrap Mamma\Pictures\100_2428.jpg

O24 - Desktop BackupWallPaper: C:\Users\Scrap Mamma\Pictures\100_2428.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0048d4ca-d08a-11dd-aa88-001d60f11cfa}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{0048d4ca-d08a-11dd-aa88-001d60f11cfa}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-4063447370-325741818-838287236-1000..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-4063447370-325741818-838287236-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 14:18:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Scrap Mamma\Desktop\OTL.exe

[2011/04/01 10:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon

[2011/03/31 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebEx

[2011/03/31 09:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx

[2011/03/17 14:44:04 | 000,000,000 | ---D | C] -- C:\Users\Scrap Mamma\Documents\My Scans

[2011/03/17 14:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2011/03/17 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\Scrap Mamma\AppData\Roaming\HP

[2011/03/17 14:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2011/03/17 14:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2011/03/17 14:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2011/03/17 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP

[2011/03/17 13:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2011/03/17 13:59:37 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2011/03/17 13:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2011/03/04 14:00:39 | 000,000,000 | ---D | C] -- C:\Users\Scrap Mamma\Documents\Sorensen Elementary

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 14:22:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/01 14:19:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scrap Mamma\Desktop\OTL.exe

[2011/04/01 12:54:40 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/01 12:54:40 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/01 10:58:17 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Internet Security Suite.lnk

[2011/04/01 10:55:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/01 10:54:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/01 10:23:04 | 000,011,180 | -HS- | M] () -- C:\Users\Scrap Mamma\AppData\Local\7a3d8u8784tdd04w7i4a1pj

[2011/04/01 10:23:04 | 000,011,180 | -HS- | M] () -- C:\ProgramData\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 09:57:09 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\WebEx Player.lnk

[2011/03/31 09:57:08 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\WebEx Recorder.lnk

[2011/03/23 15:42:30 | 000,602,442 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/03/23 15:42:30 | 000,104,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/03/19 22:10:19 | 000,005,972 | ---- | M] () -- C:\Users\Scrap Mamma\AppData\Local\d3d9caps.dat

[2011/03/17 14:40:54 | 000,149,054 | ---- | M] () -- C:\Windows\hpoins19.dat

[2011/03/17 14:19:05 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk

[2011/03/17 14:14:44 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2011/03/17 14:12:09 | 000,001,983 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 22:08:02 | 000,011,180 | -HS- | C] () -- C:\Users\Scrap Mamma\AppData\Local\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 22:08:02 | 000,011,180 | -HS- | C] () -- C:\ProgramData\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 09:57:09 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\WebEx Player.lnk

[2011/03/31 09:57:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\WebEx Recorder.lnk

[2011/03/17 14:19:48 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2011/03/17 14:19:05 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk

[2011/03/17 14:14:44 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2011/03/17 14:12:09 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2011/03/17 13:56:05 | 000,149,054 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011/03/08 09:51:04 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Internet Security Suite.lnk

[2010/11/01 15:50:13 | 000,000,128 | ---- | C] () -- C:\Users\Scrap Mamma\AppData\Roaming\wklnhst.dat

[2010/04/05 23:09:33 | 000,000,036 | ---- | C] () -- C:\Users\Scrap Mamma\AppData\Local\housecall.guid.cache

[2009/10/29 10:31:38 | 059,094,816 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat

[2009/10/22 11:19:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/10/22 11:19:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/08 17:03:34 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/03/04 11:36:14 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI

[2009/03/01 18:45:44 | 000,001,413 | ---- | C] () -- C:\Windows\inmagic.ini

[2008/08/19 17:40:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll

[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin

[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin

[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin

[2008/01/16 17:41:35 | 000,000,162 | ---- | C] () -- C:\Windows\EPSON Stylus CX5400.ini

[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007/10/19 23:23:34 | 000,005,972 | ---- | C] () -- C:\Users\Scrap Mamma\AppData\Local\d3d9caps.dat

[2007/10/19 21:35:10 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2007/10/19 21:35:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2007/10/19 21:35:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2007/10/19 21:35:10 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2007/10/19 21:35:10 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2007/10/19 21:35:10 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2007/10/19 21:35:10 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2007/10/19 21:35:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2007/10/19 21:35:10 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2007/10/19 21:35:10 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2007/10/19 21:35:10 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2007/10/19 21:35:10 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2007/10/19 21:35:10 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2007/10/19 21:35:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2007/10/19 21:35:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2007/10/19 21:35:09 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2007/10/19 21:28:30 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw68.bin

[2007/10/19 21:24:40 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV100V350.ini

[2007/10/19 21:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2007/10/02 23:57:43 | 000,046,592 | ---- | C] () -- C:\Users\Scrap Mamma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/08/09 16:43:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/08/09 16:43:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/08/09 16:43:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/08/09 16:43:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/08/09 16:43:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/08/09 16:43:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/08/09 16:34:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/08/09 16:09:24 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007/08/09 16:09:24 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007/08/09 16:09:24 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2007/08/09 16:09:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007/05/31 11:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll

[2007/05/31 10:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/03/13 13:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 05:44:53 | 000,405,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 03:33:01 | 000,602,442 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 03:33:01 | 000,104,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001/09/03 12:04:00 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT

========== LOP Check ==========

[2007/10/26 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\DTS

[2010/02/28 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\Elluminate

[2007/10/19 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\EPSON

[2007/11/20 11:57:36 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\F-Secure

[2007/10/19 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\Leadertech

[2009/02/11 12:01:10 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\MyFamily.com

[2008/08/28 23:25:31 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\SecondLife

[2010/11/01 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\Template

[2010/01/02 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\Thunderbird

[2008/01/14 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\TOSHIBA

[2010/06/18 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\Uniblue

[2009/08/24 10:27:23 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\W Photo Studio Viewer

[2007/10/03 18:46:28 | 000,000,000 | ---D | M] -- C:\Users\Scrap Mamma\AppData\Roaming\WinBatch

[2011/04/01 10:53:20 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2009/10/29 10:27:56 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\????????????????????????????????????????????

[2009/10/29 10:27:56 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\????????????????????????????????????????????

< End of report >

Extras:

OTL Extras logfile created on: 4/1/2011 2:36:02 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scrap Mamma\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 287.00 Mb Available Physical Memory | 28.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 73.06 Gb Total Space | 22.15 Gb Free Space | 30.32% Space Free | Partition Type: NTFS

Drive E: | 7.39 Gb Total Space | 5.38 Gb Free Space | 72.75% Space Free | Partition Type: FAT32

Computer Name: SCRAPMAMMA-PC | User Name: Scrap Mamma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4063447370-325741818-838287236-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0CCA6A13-2AF4-4805-BF4F-8B15A813B2B9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7D77635E-7306-44F3-89D5-00DFE7BB4235}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{808B0FD7-8F66-4620-97DE-CD84B07937D6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{85808024-E22C-4369-A603-6DA4766D8D7B}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

"{B5057353-DB21-4B88-80E3-5493DDDC355C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{C6B1F4F6-3E6E-45B6-8551-C784D9D30653}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DA30A9C0-949B-4CD3-95B7-2BB2157C5A40}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{093DC023-51FD-4D04-B10E-19EE1F70F421}" = WebEx Recorder and Player

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V350 Photo Scanner Driver Update

"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing

"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{574157B0-9D84-49d9-B08B-5296638BF5EE}" = 4300_Help

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}" = Memory Manager Shared Components Update

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8F923666-3ACE-492E-BCDD-D00AAAD10C23}" = Inmagic DB/TextWorks

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{977979FA-09FD-4163-871C-3DBF23D86808}" = OCLC Dewey Cutter Program

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

"{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}" = Creative Memories StoryBook Creator Plus

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5

"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

"{B0B2407C-AA1A-4812-85DA-E833D5BC3E97}" = 4300

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EBEAF45A-58C3-44c8-8714-87909EBD6BC2}" = 4300Trb

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EE295D30-A10C-44F6-B14C-05E0D99429E4}" = FTMVistaUpdater

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006

"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements

"Adobe SVG Viewer" = Adobe SVG Viewer

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"Google Desktop" = Google Desktop

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPOCR" = HP OCR Software 8.0

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{8F923666-3ACE-492E-BCDD-D00AAAD10C23}" = Inmagic DB/TextWorks 11.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)

"MSC" = Verizon Internet Security Suite

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44

"RealPlayer 12.0" = RealPlayer

"RSSOwl" = RSSOwl

"Sales Assistant" = Sales Assistant

"SecondLife" = SecondLife (remove only)

"Silent Package Run-Time Sample" = EPSON Perfection V350P User's Guide

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"WildTangent toshiba Master Uninstall" = TOSHIBA Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4063447370-325741818-838287236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/14/2011 12:50:00 AM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/14/2011 12:50:00 AM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/16/2011 1:43:54 AM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/16/2011 1:44:14 AM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/16/2011 1:44:14 AM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/17/2011 5:58:28 PM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/17/2011 5:58:29 PM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/17/2011 7:04:16 PM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/17/2011 7:04:16 PM | Computer Name = ScrapMamma-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 1/17/2011 9:59:04 PM | Computer Name = ScrapMamma-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4040 (0xfc8) Thread address : 0x77905E74 Thread message : Build VSCORE.14.2.0.794

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\ProgramData\Alwil Software\Avast5\db1c7f5e412dae9b6-18de3609.dat

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

[ System Events ]

Error - 4/1/2011 1:35:18 AM | Computer Name = ScrapMamma-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 4/1/2011 1:35:34 AM | Computer Name = ScrapMamma-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 4/1/2011 1:35:35 AM | Computer Name = ScrapMamma-PC | Source = DCOM | ID = 10005

Description =

Error - 4/1/2011 1:35:35 AM | Computer Name = ScrapMamma-PC | Source = DCOM | ID = 10005

Description =

Error - 4/1/2011 1:35:36 AM | Computer Name = ScrapMamma-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 4/1/2011 1:37:20 AM | Computer Name = ScrapMamma-PC | Source = DCOM | ID = 10005

Description =

Error - 4/1/2011 1:37:55 AM | Computer Name = ScrapMamma-PC | Source = DCOM | ID = 10005

Description =

Error - 4/1/2011 1:18:23 PM | Computer Name = ScrapMamma-PC | Source = netbt | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not

allow the name to be claimed by this computer.

Error - 4/1/2011 1:20:52 PM | Computer Name = ScrapMamma-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 4/1/2011 1:52:52 PM | Computer Name = ScrapMamma-PC | Source = DCOM | ID = 10010

Description =

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/04/01 10:23:04 | 000,011,180 | -HS- | M] () -- C:\Users\Scrap Mamma\AppData\Local\7a3d8u8784tdd04w7i4a1pj
    [2011/04/01 10:23:04 | 000,011,180 | -HS- | M] () -- C:\ProgramData\7a3d8u8784tdd04w7i4a1pj
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

---------------------------------------

Then we have to run ComboFix.

The most important things to remember when running ComboFix are to download and run it from your desktop and to make sure you disable your anti-virus programs before you run it.

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)
  • ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

  • Link 1
  • Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit.

More info HERE<-------

They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover

  • Double click on ComboFix.exe & follow the prompts.
  • Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix and Here

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC


OK, here's the OTL log and the ComboFix log. Again, thank you!

Trish : )

OTL:

All processes killed

========== OTL ==========

C:\Users\Scrap Mamma\AppData\Local\7a3d8u8784tdd04w7i4a1pj moved successfully.

C:\ProgramData\7a3d8u8784tdd04w7i4a1pj moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Scrap Mamma

->Temp folder emptied: 1247353334 bytes

->Temporary Internet Files folder emptied: 24634566 bytes

->Java cache emptied: 95302564 bytes

->FireFox cache emptied: 43545446 bytes

->Flash cache emptied: 2893488 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 675840 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 207115792 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8310402 bytes

RecycleBin emptied: 4699251 bytes

Total Files Cleaned = 1,559.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04012011_155827

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix:

ComboFix 11-04-01.01 - Scrap Mamma 04/01/2011 16:30:59.1.2 - x86

Microsoft


Hi MrC,

I'm glad to hear it's looking good.

Thanks!

Trish : )

Here's the log from the MBAM scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6242

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

4/1/2011 5:38:07 PM

mbam-log-2011-04-01 (17-38-07).txt

Scan type: Quick scan

Objects scanned: 158568

Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware (reboot) (Trojan.Agent) -> Value: Malwarebytes' Anti-Malware (reboot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
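A way to triage a Malwarebytes' Anti-Malware 1.50 text log like the ones posted in this thread, as an added example that is not part of the original posts: the Python parser below splits each detection line into object, detection name and final action, then separates removed items from those still pending a reboot or not removed. The sample log is constructed (placeholder path and PID) apart from the Run-value line copied from the scan above, and all function names are illustrative.

```python
import re
from collections import Counter

HEADER = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
                    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?$")
# Non-greedy object match: the object name itself may contain "(...)",
# as in the Run value "Malwarebytes' Anti-Malware (reboot)".
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")

def classify(action):
    if action.startswith("Quarantined and deleted successfully"):
        return "resolved"
    if action.startswith("Delete on reboot"):
        return "pending_reboot"
    return "needs_attention"  # e.g. "Failed to unload process"

def parse_mbam_log(text):
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        h = HEADER.match(line)
        if h:  # with a number: summary count; without: start of a section
            if h.group(2) is not None:
                declared[h.group(1)] = int(h.group(2))
            else:
                section = h.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": m.group("obj"),
                          "detection": m.group("name"), "action": action,
                          "status": classify(action)})
    return declared, items

def count_mismatches(declared, items):
    found = Counter(i["section"] for i in items)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}

# Constructed sample: only the Registry Values line comes from the log above.
SAMPLE = r"""Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 1
Memory Processes Infected:
C:\Users\example\AppData\Local\sample.exe (Trojan.Agent) -> 1234 -> Failed to unload process.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware (reboot) (Trojan.Agent) -> Value: Malwarebytes' Anti-Malware (reboot) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\example\AppData\Local\sample.exe (Trojan.Agent) -> Delete on reboot.
"""
```

Anything that does not come back as "resolved" is what a helper would ask about in the next reply; a non-empty result from count_mismatches means the pasted log was truncated or altered.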


Great :) :)

Please Uninstall ComboFix:

Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

--------------

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Hi MrC,

The computer is running nicely. Maybe even a little better than before. :D I had a minor issue with accessing my wifi yesterday, but I got it working.

Thank you so much for your assistance! Your list of tips was a great reminder to create a recovery point. Thanks for that too. This week I'll be looking at switching from McAfee (which let two of these things through) to Malwarebytes.

Have a great weekend and thanks again for all your help! Look for a little somethin' in your tip jar. ;)

Trish :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.