-
Here's the rest....
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-12 16:52 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-12 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 04:11 2872120 ------w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 04:11 2872120 ------w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 04:11 2872120 ------w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2012-05-16 214576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-10-24 33304]
"MWLExe"="c:\progra~1\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2011-02-16 28488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-07 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-07 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-07 154136]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
"McAfeeWrapperApplication"="c:\program files\McAfeeMOBK\WrapperTrayIcon.exe" [2010-11-01 453344]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-27 992816]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-12 1107552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-1 50688]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2012-1-22 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 0271761341602343mcinstcleanup;McAfee Application Installer Cleanup (0271761341602343);c:\windows\TEMP\027176~1.EXE [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:44]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-07-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={C96D4DF8-59CE-4206-B7C5-D03F29772532}&mid=28de95e7bab447d0bac8d157716ebc84-3d0a17156c5f9c0cb85bd1076241fe91f64e4dc1&lang=en&ds=ft011&pr=sa&d=2012-07-12 09:52&v=11.1.0.12&sap=hp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,205,0_0,StartPage,20120728,16900,0,30,0
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be2f439ba-e9f0-443b-84f2-0f3e76b1a6ab%7D&mid=28de95e7bab447d0bac8d157716ebc84-3d0a17156c5f9c0cb85bd1076241fe91f64e4dc1&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-12%2007%3A45%3A15&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-Game Console - WildGames - c:\program files\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-WT037889 - c:\program files\WildGames\Cafe Mahjongg\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 15:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seagate-Replica-Service]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seagate-Replica-Svc]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(344)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\windows\system32\Sensor.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\ThinkPad\Utilities\DOZESVC.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\LENOVO\VIRTSCRL\lvvsst.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Seagate Replica\bin\ReplicaSysMon.exe
c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe
c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\ehome\mcupdate.EXE
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Diskeeper Corporation\Diskeeper\DfrgFat.exe
.
**************************************************************************
.
Completion time: 2012-07-12 16:01:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 23:01
.
Pre-Run: 109,807,476,736 bytes free
Post-Run: 109,683,220,480 bytes free
.
- - End Of File - - 6CF4357C847ED40E2A32830BAF049DE8
-
Oops. I posted the 2nd half of the scan twice.
-
Looks good.
How is the computer doing?
- Download RogueKiller to your desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
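- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again; some malware blocks known security tools by file name, so a renamed copy may be allowed to start.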
-
The computer is doing some weird things. I tried running the RogueKiller scan numerous times unsuccessfully. I changed the name to winlogon.exe and tried 4 times and it would not work. Changed the name to winlogon.com, tried 4 times and that would not work. Is there another name I can change it to?
Also, this window pops up every 5 minutes or so, and has all day:
"Lenovo ThinkVantage Toolbox has stopped working.
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
And when I try to use Mozilla or Firefox this comes up:
"FireFox/Mozilla is already running, but is not responding. To open a new window, you must first close the existing FireFox/Mozilla process, or restart your system." After several restarts this window still comes up.
I've been using Internet Explorer for now, which I don't know my way around but at least it works.
-
For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
- Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
I downloaded the Farbar Scan Tool to a flash drive, and followed the instructions. Ran into a snag though. When the Advanced Boot Options came up I selected Repair Computer. The next thing that came up asked me to insert installation discs. I do not have them. That's as far as I got. I did a scan with the Farbar Tool and here are the results.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by Janette at 13-07-2012 08:57:26
Running from D:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============
2012-07-13 08:08 - 2012-07-13 08:50 - 00001745 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-07-12 21:22 - 2012-07-12 21:22 - 00000000 ____D C:\Users\Janette\AppData\Roaming\PwrMgr
2012-07-12 21:17 - 2012-07-12 21:20 - 00000128 ____A C:\Windows\System32\TPAPSLOG.LOG
2012-07-12 21:14 - 2012-07-13 08:57 - 00000000 ____D C:\FRST
2012-07-12 19:47 - 2012-07-12 20:05 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-07-12 19:47 - 2012-07-12 20:05 - 00000000 ____D C:\Users\Janette\Desktop\RK_Quarantine
2012-07-12 19:46 - 2012-07-12 19:46 - 01558016 ____A C:\Users\Janette\Desktop\winlogon.com.exe
2012-07-12 16:04 - 2012-07-12 16:04 - 00053267 ____A C:\Users\Janette\Desktop\ComboRix.txt
2012-07-12 16:01 - 2012-07-12 16:01 - 00053267 ____A C:\ComboFix.txt
2012-07-12 15:25 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-12 15:25 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-12 15:25 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-12 15:25 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-12 15:25 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-12 15:25 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-12 15:25 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-12 15:25 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-12 15:24 - 2012-07-12 16:01 - 00000000 ____D C:\Qoobox
2012-07-12 15:24 - 2012-07-12 15:56 - 00000000 ____D C:\Windows\erdnt
2012-07-12 15:16 - 2012-07-12 15:16 - 04576941 ____R (Swearware) C:\Users\Janette\Desktop\ComboFix.exe
2012-07-12 14:50 - 2012-07-12 14:50 - 00025707 ____A C:\Users\Janette\Documents\DDS.txt
2012-07-12 14:46 - 2012-07-12 14:46 - 00607260 ____R (Swearware) C:\Users\Janette\Downloads\dds.scr
2012-07-12 11:23 - 2012-07-12 11:23 - 00013127 ____A C:\Users\Janette\Documents\Attach.txt
2012-07-12 11:15 - 2012-07-12 11:15 - 00680258 ____A C:\Users\Janette\Documents\GMER Scan log.log
2012-07-12 10:05 - 2012-07-12 10:05 - 00014313 ____A C:\Users\Janette\Documents\scanlog.7z
2012-07-12 09:53 - 2012-07-12 09:53 - 00000000 ____D C:\Users\Janette\AppData\Local\AVG Secure Search
2012-07-12 09:52 - 2012-07-12 09:54 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-12 09:52 - 2012-07-12 09:53 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-07-12 09:52 - 2012-07-12 09:52 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-07-12 09:52 - 2012-07-12 09:52 - 00000000 ____D C:\Program Files\7-Zip
2012-07-12 09:51 - 2012-07-12 09:51 - 01110476 ____A C:\Users\Janette\Downloads\7z920(78).exe
2012-07-11 21:38 - 2012-07-11 21:38 - 00000000 ____D C:\Users\Janette\AppData\Local\Lenovo
2012-07-11 20:28 - 2012-07-11 20:28 - 00000000 ____A C:\Windows\qfeD7BA.tmp
2012-07-11 20:22 - 2012-05-16 06:32 - 03745376 ____N (Lenovo Group Limited) C:\Windows\System32\PWMCP32V.cpl
2012-07-11 20:22 - 2012-05-16 06:32 - 02693728 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2012-07-11 20:22 - 2012-05-16 06:32 - 00025416 ____N (Lenovo.) C:\Windows\System32\Drivers\DOZEHDD.SYS
2012-07-11 20:18 - 2010-09-07 14:09 - 00013680 ____A (Lenovo Group Limited) C:\Windows\System32\Drivers\smiif32.sys
2012-07-11 20:16 - 2006-01-12 14:52 - 00001904 ____N C:\Windows\System32\SetupBD.din
2012-07-11 20:05 - 2009-04-29 04:19 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2012-07-11 18:58 - 2012-07-11 18:58 - 00001800 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-07-11 18:46 - 2012-07-11 18:46 - 00000856 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-11 18:46 - 2012-07-11 18:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-07-11 18:13 - 2012-07-11 18:13 - 00000802 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-11 14:36 - 2012-07-11 14:36 - 00000916 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 14:36 - 2012-07-11 14:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-11 14:36 - 2012-04-04 15:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-11 14:05 - 2012-07-11 14:26 - 00000370 ____A C:\rkill.log
2012-07-11 13:51 - 2012-07-11 13:51 - 00000000 ____D C:\B
2012-07-11 13:21 - 2012-07-11 13:21 - 00001974 ____A C:\Users\Janette\Documents\aswMBR.txt
2012-07-11 13:21 - 2012-07-11 13:21 - 00000512 ____A C:\Users\Janette\Documents\MBR.dat
2012-07-11 12:18 - 2012-07-12 10:00 - 00575691 ____A C:\Users\Janette\Documents\scanlog.log
2012-07-11 10:45 - 2012-07-11 10:46 - 00000000 ____D C:\Windows\System32\config\RCCBakup
2012-07-11 08:01 - 2012-07-11 08:02 - 00000000 ____D C:\Program Files\Ask.com
2012-07-10 22:24 - 2012-06-13 06:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 22:19 - 2012-06-02 02:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 22:19 - 2012-06-02 01:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 22:19 - 2012-06-02 01:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 22:19 - 2012-06-02 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 22:19 - 2012-06-02 01:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 22:19 - 2012-06-02 01:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 22:19 - 2012-06-02 01:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 22:19 - 2012-06-02 01:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 22:19 - 2012-06-02 01:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 22:19 - 2012-06-02 01:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 22:19 - 2012-06-02 01:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 22:19 - 2012-06-02 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 22:19 - 2012-06-02 01:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 22:19 - 2012-06-02 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 19:43 - 2012-06-08 10:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 19:43 - 2012-06-05 09:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 19:43 - 2012-06-05 09:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 19:42 - 2012-06-04 08:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 19:42 - 2012-06-01 17:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 19:42 - 2012-06-01 17:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 15:26 - 2012-07-10 18:08 - 00000000 ____D C:\Windows\pss
2012-07-10 09:37 - 2012-07-10 09:38 - 00000000 ___AH C:\Users\All Users\-dEXeuNYt1835dg
2012-06-28 10:15 - 2012-06-28 10:15 - 00000000 ___HD C:\Users\Janette\AppData\Local\Macromedia
2012-06-26 16:46 - 2012-06-26 16:47 - 00809328 ____A (AirInstaller Inc.) C:\Users\Janette\Documents\setup.exe
2012-06-26 16:20 - 2012-06-26 16:20 - 00212224 ____A (Big Fish Games) C:\Users\Janette\Documents\bigfishgames_p17662288_s1_l1(1).exe
2012-06-26 16:20 - 2012-06-26 16:20 - 00001188 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-06-21 02:16 - 2012-06-02 15:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 02:16 - 2012-06-02 15:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 02:16 - 2012-06-02 15:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 02:16 - 2012-06-02 15:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 02:15 - 2012-06-02 15:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 02:15 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 02:15 - 2012-06-02 15:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 02:15 - 2012-06-02 15:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 02:15 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 19:23 - 2008-10-20 11:04 - 03240056 ___AH C:\Users\Janette\Documents\San Francisco 1974.bmp
2012-06-14 09:38 - 2012-07-12 21:22 - 00001846 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2012-06-13 03:36 - 2012-04-23 09:00 - 00984064 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 03:36 - 2012-04-23 09:00 - 00133120 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 03:36 - 2012-04-23 09:00 - 00098304 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 03:32 - 2012-05-01 07:03 - 00180736 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
============ 3 Months Modified Files ========================
2012-07-13 08:56 - 2008-02-01 01:57 - 01738977 ____A C:\Windows\WindowsUpdate.log
2012-07-13 08:50 - 2012-07-13 08:08 - 00001745 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-07-13 08:45 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 08:45 - 2006-11-02 05:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 08:45 - 2006-11-02 05:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-13 08:37 - 2006-11-02 06:01 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 08:21 - 2012-04-17 15:04 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-13 08:19 - 2012-04-17 15:04 - 00000466 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-12 21:22 - 2012-06-14 09:38 - 00001846 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2012-07-12 21:20 - 2012-07-12 21:17 - 00000128 ____A C:\Windows\System32\TPAPSLOG.LOG
2012-07-12 21:11 - 2006-11-02 03:33 - 00841748 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 20:44 - 2012-04-13 08:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 20:05 - 2012-07-12 19:47 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-07-12 19:46 - 2012-07-12 19:46 - 01558016 ____A C:\Users\Janette\Desktop\winlogon.com.exe
2012-07-12 16:04 - 2012-07-12 16:04 - 00053267 ____A C:\Users\Janette\Desktop\ComboRix.txt
2012-07-12 16:01 - 2012-07-12 16:01 - 00053267 ____A C:\ComboFix.txt
2012-07-12 15:39 - 2012-02-09 14:09 - 00038138 ____A C:\Windows\PFRO.log
2012-07-12 15:38 - 2006-11-02 03:22 - 61603840 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-12 15:38 - 2006-11-02 03:22 - 43778048 ____A C:\Windows\System32\config\COMPON~2.bak
2012-07-12 15:38 - 2006-11-02 03:22 - 24379392 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-12 15:38 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-12 15:38 - 2006-11-02 03:22 - 00061440 ____A C:\Windows\System32\config\SAM.bak
2012-07-12 15:38 - 2006-11-02 03:22 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-12 15:16 - 2012-07-12 15:16 - 04576941 ____R (Swearware) C:\Users\Janette\Desktop\ComboFix.exe
2012-07-12 14:50 - 2012-07-12 14:50 - 00025707 ____A C:\Users\Janette\Documents\DDS.txt
2012-07-12 14:46 - 2012-07-12 14:46 - 00607260 ____R (Swearware) C:\Users\Janette\Downloads\dds.scr
2012-07-12 11:23 - 2012-07-12 11:23 - 00013127 ____A C:\Users\Janette\Documents\Attach.txt
2012-07-12 11:15 - 2012-07-12 11:15 - 00680258 ____A C:\Users\Janette\Documents\GMER Scan log.log
2012-07-12 10:05 - 2012-07-12 10:05 - 00014313 ____A C:\Users\Janette\Documents\scanlog.7z
2012-07-12 10:00 - 2012-07-11 12:18 - 00575691 ____A C:\Users\Janette\Documents\scanlog.log
2012-07-12 09:51 - 2012-07-12 09:51 - 01110476 ____A C:\Users\Janette\Downloads\7z920(78).exe
2012-07-11 20:44 - 2012-04-13 08:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-11 20:44 - 2012-04-13 08:52 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-11 20:28 - 2012-07-11 20:28 - 00000000 ____A C:\Windows\qfeD7BA.tmp
2012-07-11 18:58 - 2012-07-11 18:58 - 00001800 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-07-11 18:46 - 2012-07-11 18:46 - 00000856 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-11 18:13 - 2012-07-11 18:13 - 00000802 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-11 16:00 - 2008-02-05 10:40 - 00007324 ____A C:\Users\Janette\AppData\Local\d3d9caps.dat
2012-07-11 14:48 - 2008-02-01 03:11 - 00001732 ____A C:\tvtpktfilter.dat
2012-07-11 14:36 - 2012-07-11 14:36 - 00000916 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 14:26 - 2012-07-11 14:05 - 00000370 ____A C:\rkill.log
2012-07-11 13:21 - 2012-07-11 13:21 - 00001974 ____A C:\Users\Janette\Documents\aswMBR.txt
2012-07-11 13:21 - 2012-07-11 13:21 - 00000512 ____A C:\Users\Janette\Documents\MBR.dat
2012-07-10 22:36 - 2006-11-02 05:47 - 03882056 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 22:24 - 2012-02-10 18:38 - 00000091 ____A C:\Windows\win.ini
2012-07-10 22:20 - 2006-11-02 03:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-10 19:03 - 2006-11-02 03:22 - 61603840 ____A C:\Windows\System32\config\software_previous
2012-07-10 19:03 - 2006-11-02 03:22 - 43515904 ____A C:\Windows\System32\config\components_previous
2012-07-10 19:03 - 2006-11-02 03:22 - 24379392 ____A C:\Windows\System32\config\system_previous
2012-07-10 19:03 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-10 19:03 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-10 19:03 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-10 09:38 - 2012-07-10 09:37 - 00000000 ___AH C:\Users\All Users\-dEXeuNYt1835dg
2012-07-07 13:50 - 2010-05-24 19:06 - 00076800 ___AH C:\Users\Janette\Documents\8.5x11 Blank Template.pub
2012-06-26 16:47 - 2012-06-26 16:46 - 00809328 ____A (AirInstaller Inc.) C:\Users\Janette\Documents\setup.exe
2012-06-26 16:20 - 2012-06-26 16:20 - 00212224 ____A (Big Fish Games) C:\Users\Janette\Documents\bigfishgames_p17662288_s1_l1(1).exe
2012-06-26 16:20 - 2012-06-26 16:20 - 00001188 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-06-22 15:23 - 2011-03-22 11:32 - 00064000 ___AH C:\Users\Janette\Documents\13x19 blank template.pub
2012-06-21 14:59 - 2008-03-15 17:36 - 00044776 ___AH C:\Users\Public\Documents\AcSvc.dmp
2012-06-13 06:40 - 2012-07-10 22:24 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 12:03 - 2008-02-25 09:22 - 00067072 ____H C:\Users\Janette\Documents\9x12 Blank Template.pub
2012-06-08 10:47 - 2012-07-10 19:43 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 09:43 - 2008-02-05 10:44 - 00154824 ____H C:\Users\Janette\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 09:47 - 2012-07-10 19:43 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 09:47 - 2012-07-10 19:43 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 08:26 - 2012-07-10 19:42 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 15:19 - 2012-06-21 02:16 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-21 02:16 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-21 02:16 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-21 02:15 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-21 02:15 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:19 - 2012-06-21 02:15 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:12 - 2012-06-21 02:16 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:12 - 2012-06-21 02:15 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:12 - 2012-06-21 02:15 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 02:07 - 2012-07-10 22:19 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 01:43 - 2012-07-10 22:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 01:33 - 2012-07-10 22:19 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 01:26 - 2012-07-10 22:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 01:25 - 2012-07-10 22:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 01:25 - 2012-07-10 22:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 01:23 - 2012-07-10 22:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 01:21 - 2012-07-10 22:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 01:20 - 2012-07-10 22:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 01:19 - 2012-07-10 22:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 01:19 - 2012-07-10 22:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 01:17 - 2012-07-10 22:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 01:16 - 2012-07-10 22:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 01:14 - 2012-07-10 22:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 17:04 - 2012-07-10 19:42 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 17:03 - 2012-07-10 19:42 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 12:25 - 2010-03-18 11:11 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 12:58 - 2012-02-10 18:03 - 00000994 ____A C:\Users\Public\Desktop\Adobe Photoshop Elements 4.0.lnk
2012-05-30 12:58 - 2008-02-09 12:36 - 00053230 ____N C:\Windows\DirectX.log
2012-05-30 12:54 - 2012-02-10 18:01 - 00000209 ____N C:\Windows\ODBCINST.INI
2012-05-16 06:32 - 2012-07-11 20:22 - 03745376 ____N (Lenovo Group Limited) C:\Windows\System32\PWMCP32V.cpl
2012-05-16 06:32 - 2012-07-11 20:22 - 02693728 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2012-05-16 06:32 - 2012-07-11 20:22 - 00025416 ____N (Lenovo.) C:\Windows\System32\Drivers\DOZEHDD.SYS
2012-05-16 06:32 - 2008-02-01 02:16 - 00017736 ____N (Lenovo Group Limited) C:\Windows\System32\Drivers\TPPWR32V.SYS
2012-05-14 09:06 - 2009-07-11 12:56 - 00400384 ____H C:\Users\Janette\Documents\11x14 Blank Template.pub
2012-05-07 09:39 - 2012-05-07 09:39 - 01637016 ____A C:\Users\Janette\Documents\AmazonMP3DownloaderInstall.exe
2012-05-03 19:14 - 2008-02-06 17:52 - 00046080 ____A C:\Users\Janette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-02 19:34 - 2012-05-02 19:34 - 00212224 ____A (Big Fish Games) C:\Users\Janette\Documents\bigfishgames_p17662288_s1_l1.exe
2012-05-02 14:14 - 2011-04-03 14:56 - 00161280 ____H C:\Users\Janette\Documents\Personal notes on Joe's Medical condition.pub
2012-05-02 11:22 - 2012-05-02 11:22 - 00212224 ____A (Big Fish Games) C:\Users\Janette\Documents\bigfishgames_p119341894_s1_l1.exe
2012-05-01 07:03 - 2012-06-13 03:32 - 00180736 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-29 16:35 - 2012-02-02 16:10 - 00092160 ____H C:\Users\Janette\Documents\Neddy questions writings to be used in future.pub
2012-04-23 09:00 - 2012-06-13 03:36 - 00984064 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 09:00 - 2012-06-13 03:36 - 00133120 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 09:00 - 2012-06-13 03:36 - 00098304 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 12:08 - 2012-04-18 12:08 - 00144680 ____N C:\Windows\Minidump\Mini041812-01.dmp
2012-04-18 12:08 - 2012-03-24 15:03 - 249754018 ____N C:\Windows\MEMORY.DMP
2012-04-15 12:37 - 2012-04-15 12:37 - 00000868 ____A C:\Users\Public\Desktop\My Replica.lnk
2012-04-15 12:37 - 2012-04-11 10:23 - 00000939 ____N C:\Seagate-Replica-Un.dll.log
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 55%
Total physical RAM: 3061.34 MB
Available physical RAM: 1374.33 MB
Total Pagefile: 6323.71 MB
Available Pagefile: 4141 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.7 MB
======================= Partitions =========================
1 Drive c: (SW_Preload) (Fixed) (Total:226.12 GB) (Free:99.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (STORE N GO) (Removable) (Total:3.83 GB) (Free:0.45 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 514 MB 0 B
Disk 2 Online 3935 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6925 MB 1024 KB
Partition 2 Primary 226 GB 6926 MB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SW_Preload NTFS Partition 226 GB Healthy System (partition with boot components)
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 513 MB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 NVCACHE FAT32 Partition 513 MB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3935 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D STORE N GO FAT32 Removable 3935 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-13 08:51
======================= End Of Log ==========================
-
That's fine because I don't see anything malicious there.
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
-
While doing the OTL scan (at System Event Log Record 57723) an Error window popped up:
"Win32 Error Code: 23.
Data error (cyclic redundancy check)"
I hit "Okay" and watched the screen for about 5 minutes. Nothing happened. I minimized the OTL window, and I'm sending you what was put on the desktop:
(It's in 2 parts)
OTL logfile created on: 7/13/2012 5:37:43 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Janette\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 60.72% Memory free
6.18 Gb Paging File | 4.48 Gb Available in Paging File | 72.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.12 Gb Total Space | 98.03 Gb Free Space | 43.35% Space Free | Partition Type: NTFS
Computer Name: JANETTE-LAPTOP | User Name: Janette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/13 17:36:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janette\Desktop\OTL.exe
PRC - [2012/07/12 09:52:42 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/12 09:52:37 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2012/05/16 06:32:00 | 000,476,256 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2012/05/16 06:32:00 | 000,280,640 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2012/05/16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/04/08 14:59:50 | 000,419,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/07/08 18:03:58 | 001,630,672 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
PRC - [2010/07/08 18:03:52 | 001,868,240 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe
PRC - [2010/07/08 18:00:34 | 000,200,144 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe
PRC - [2010/07/08 17:59:20 | 000,870,912 | --S- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/26 04:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/06 17:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2008/04/07 16:40:10 | 000,166,376 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/09 11:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 16:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 16:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 16:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 16:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 16:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/03/13 10:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/02/05 15:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2007/01/08 21:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/01/08 20:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/15 17:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/15 17:12:26 | 000,376,922 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgFAT.exe
PRC - [2006/10/12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/10/03 13:04:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/16 02:37:04 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/12 09:52:43 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/12 09:52:37 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/07/11 20:24:22 | 000,158,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\9868801ae8df894916ef9361f97df441\PWMUIAux.ni.exe
MOD - [2012/07/11 20:24:20 | 000,959,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\cb3c03a1d1650b2c15a407e76deed4e6\PWMUICtl.ni.dll
MOD - [2012/06/14 09:06:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:06:43 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 09:05:36 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 09:05:00 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/16 06:32:00 | 000,101,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2012/05/16 06:32:00 | 000,083,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2012/05/14 03:35:02 | 000,539,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bbfbadb527a3ce339eef5f304a12f0c7\PresentationFramework.Luna.ni.dll
MOD - [2012/05/14 03:34:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 03:33:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/14 03:33:53 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/14 03:33:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009/11/14 22:03:46 | 000,624,640 | --S- | M] () -- C:\Program Files\Seagate Replica\bin\QtSqlRebit4.dll
MOD - [2009/11/14 22:03:24 | 007,589,888 | --S- | M] () -- C:\Program Files\Seagate Replica\bin\QtGuiRebit4.dll
MOD - [2009/11/14 21:50:06 | 002,038,272 | --S- | M] () -- C:\Program Files\Seagate Replica\bin\QtCoreRebit4.dll
MOD - [2009/11/14 21:12:54 | 000,062,464 | --S- | M] () -- C:\Program Files\Seagate Replica\bin\zlib1.dll
MOD - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/04/14 06:30:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/03/13 17:13:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2007/02/16 21:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll
MOD - [2007/01/08 20:08:24 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe -- (Seagate-Replica-SysMon)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule -- (Seagate-Replica-Service)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\027176~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0271761341602343mcinstcleanup) McAfee Application Installer Cleanup (0271761341602343)
SRV - [2012/07/12 09:52:42 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/11 20:44:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 15:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/16 06:32:00 | 000,280,640 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/07/08 18:03:52 | 001,868,240 | --S- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe -- (Seagate-Replica-Svc)
SRV - [2010/07/08 18:00:34 | 000,200,144 | --S- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe -- (ReplicaSysMon)
SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/04/06 17:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2008/04/07 16:40:10 | 000,166,376 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/09 11:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/07/05 16:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 16:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/02/05 15:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/08 21:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/03 13:04:04 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/12 20:05:25 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/05/16 06:32:00 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2012/05/16 06:32:00 | 000,017,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/11 15:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/01 14:08:34 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/03/05 18:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/19 00:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/10/17 20:58:16 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/16 19:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/10/16 19:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/10/02 03:53:02 | 000,220,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007/06/07 17:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/05/22 16:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/03/13 17:13:54 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/13 17:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/13 17:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/13 17:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/13 17:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/13 17:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/13 17:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/13 17:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/28 00:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 01:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001/08/09 19:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EPLPDX02.SYS -- (Eplpdx02)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{8EA3020D-938C-4106-9E80-31B3115264CE}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={C96D4DF8-59CE-4206-B7C5-D03F29772532}&mid=28de95e7bab447d0bac8d157716ebc84-3d0a17156c5f9c0cb85bd1076241fe91f64e4dc1&lang=en&ds=ft011&pr=sa&d=2012-07-12 09:52:45&v=11.1.0.12&sap=hp
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes\{16D8854A-0316-617F-DA9E-DF084C1364B6}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes\{45DA25B3-EC74-4933-8E1F-4FF592449C30}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes\{8EA3020D-938C-4106-9E80-31B3115264CE}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C96D4DF8-59CE-4206-B7C5-D03F29772532}&mid=28de95e7bab447d0bac8d157716ebc84-3d0a17156c5f9c0cb85bd1076241fe91f64e4dc1&lang=en&ds=ft011&pr=sa&d=2012-07-12 09:52:45&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,205,0_0,StartPage,20120728,16900,0,30,0"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Be2f439ba-e9f0-443b-84f2-0f3e76b1a6ab%7D&mid=28de95e7bab447d0bac8d157716ebc84-3d0a17156c5f9c0cb85bd1076241fe91f64e4dc1&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-12%2007%3A45%3A15&sap=ku&q="
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={D515E3C6-67E4-4711-AFAC-A819637C7655}&Version=3.6.5&Vintage=20120728&Defaultbrowserid=30&Productid=2875&Vendorid=6413&Offerid=6894&searchterm="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120728,6902,0,30,0"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Janette\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/02 09:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/10 18:55:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/07/13 08:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/12 09:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/11 18:46:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/11 22:35:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/11 18:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/04/11 22:35:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/02 09:40:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles/pk4iz42a.default\extensions\[email protected]
[2010/11/07 20:18:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Janette\AppData\Roaming\Mozilla\Extensions
[2010/11/07 20:18:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Janette\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/11 14:11:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\extensions
[2012/07/11 14:11:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/11 08:02:17 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\extensions\[email protected]
[2010/11/18 15:26:24 | 000,001,919 | -H-- | M] () -- C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\searchplugins\bing-zugo.xml
[2008/02/06 12:53:46 | 000,002,386 | -H-- | M] () -- C:\Users\Janette\AppData\Roaming\Mozilla\Firefox\Profiles\pk4iz42a.default\searchplugins\siteadvisor.xml
[2012/07/11 18:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 08:49:07 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/04/11 08:22:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/12 09:52:35 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/12 15:41:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621110404.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\epson\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD82E2A3-614C-43A1-8DFA-9601575D6D8B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Janette\Documents\BookSmart artwork - jpeg\Floral and Still-Lifes\Eden Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Janette\Documents\BookSmart artwork - jpeg\Floral and Still-Lifes\Eden Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4005884000-2466192861-660793693-1005\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
-
Okay, I tried to post the second part of the scan log, and this error message appeared:
The following errors occurred with your submission
You have included a total of 7 images and/or videos in your message. The maximum number that you may include is 6. Please correct the problem and then continue again.
Images include use of smilies, the BB code [img] tag, and HTML <img> tags. Videos are included with the BB code [video] tag. The use of these is all subject to them being enabled by the administrator.
-
Upload the log file(s) here: http://uploadmb.com/
Then copy the link shown in the Direct Link box and post it in your next reply.
-
-
========== Files/Folders - Created Within 30 Days ==========
[2012/07/13 17:36:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Janette\Desktop\OTL.exe
[2012/07/12 21:22:35 | 000,000,000 | ---D | C] -- C:\Users\Janette\AppData\Roaming\PwrMgr
[2012/07/12 21:14:53 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/12 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\Janette\Desktop\RK_Quarantine
[2012/07/12 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\Janette\AppData\Local\temp
[2012/07/12 16:00:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/12 15:25:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/12 15:25:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/12 15:25:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/12 15:24:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/12 15:24:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/12 15:16:55 | 004,576,941 | R--- | C] (Swearware) -- C:\Users\Janette\Desktop\ComboFix.exe
[2012/07/12 09:53:16 | 000,000,000 | ---D | C] -- C:\Users\Janette\AppData\Local\AVG Secure Search
[2012/07/12 09:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/12 09:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/12 09:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/12 09:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/12 09:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/07/11 21:38:49 | 000,000,000 | ---D | C] -- C:\Users\Janette\AppData\Local\Lenovo
[2012/07/11 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/11 14:36:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/11 14:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/11 13:51:26 | 000,000,000 | ---D | C] -- C:\B
[2012/07/11 08:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/07/10 15:26:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/28 10:15:55 | 000,000,000 | -H-D | C] -- C:\Users\Janette\AppData\Local\Macromedia
[2012/06/26 16:46:59 | 000,809,328 | ---- | C] (AirInstaller Inc.) -- C:\Users\Janette\Documents\setup.exe
[2012/06/26 16:20:01 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\Janette\Documents\bigfishgames_p17662288_s1_l1(1).exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/13 17:44:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 17:36:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janette\Desktop\OTL.exe
[2012/07/13 16:45:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 16:45:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 08:50:43 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/07/13 08:45:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 08:45:27 | 3211,034,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/13 08:21:02 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/13 08:19:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/12 21:22:12 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
[2012/07/12 21:11:59 | 000,700,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/12 21:11:59 | 000,142,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/12 20:05:25 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/07/12 19:46:28 | 001,558,016 | ---- | M] () -- C:\Users\Janette\Desktop\winlogon.com.exe
[2012/07/12 15:41:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/12 15:16:56 | 004,576,941 | R--- | M] (Swearware) -- C:\Users\Janette\Desktop\ComboFix.exe
[2012/07/12 10:05:03 | 000,014,313 | ---- | M] () -- C:\Users\Janette\Documents\scanlog.7z
[2012/07/11 18:58:30 | 000,001,824 | ---- | M] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/07/11 18:58:30 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/07/11 18:46:34 | 000,000,880 | ---- | M] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 18:46:34 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 18:41:55 | 000,000,948 | ---- | M] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/11 18:41:49 | 000,000,953 | ---- | M] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/11 18:13:53 | 000,000,826 | ---- | M] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/07/11 18:13:53 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/11 16:00:17 | 000,007,324 | ---- | M] () -- C:\Users\Janette\AppData\Local\d3d9caps.dat
[2012/07/11 14:48:07 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2012/07/11 14:36:03 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 13:21:41 | 000,000,512 | ---- | M] () -- C:\Users\Janette\Documents\MBR.dat
[2012/07/10 22:36:49 | 003,882,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 09:38:00 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-dEXeuNYt1835dg
[2012/07/09 16:49:05 | 000,497,363 | -H-- | M] () -- C:\Users\Janette\Documents\Hero Dogs Wall2.jpg
[2012/07/09 16:48:15 | 000,498,108 | -H-- | M] () -- C:\Users\Janette\Documents\Hero dogs wall 1.jpg
[2012/07/07 13:50:46 | 000,076,800 | -H-- | M] () -- C:\Users\Janette\Documents\8.5x11 Blank Template.pub
[2012/06/26 16:47:15 | 000,809,328 | ---- | M] (AirInstaller Inc.) -- C:\Users\Janette\Documents\setup.exe
[2012/06/26 16:20:40 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/26 16:20:03 | 000,212,224 | ---- | M] (Big Fish Games) -- C:\Users\Janette\Documents\bigfishgames_p17662288_s1_l1(1).exe
[2012/06/22 15:23:53 | 000,064,000 | -H-- | M] () -- C:\Users\Janette\Documents\13x19 blank template.pub
[2012/06/22 15:13:43 | 001,380,628 | -H-- | M] () -- C:\Users\Janette\Documents\Hudson Valley Garlic Fest Poster.pdf
[2012/06/21 14:59:06 | 000,044,776 | -H-- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2012/06/18 13:56:09 | 000,328,334 | -H-- | M] () -- C:\Users\Janette\Documents\wooden dipper001.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/13 08:08:27 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/07/12 19:47:19 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/07/12 19:46:28 | 001,558,016 | ---- | C] () -- C:\Users\Janette\Desktop\winlogon.com.exe
[2012/07/12 15:25:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/12 15:25:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/12 15:25:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/12 15:25:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/12 15:25:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 10:05:03 | 000,014,313 | ---- | C] () -- C:\Users\Janette\Documents\scanlog.7z
[2012/07/11 20:16:45 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2012/07/11 18:58:30 | 000,001,824 | ---- | C] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/07/11 18:58:30 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/07/11 18:58:30 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/07/11 18:46:34 | 000,000,880 | ---- | C] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 18:46:34 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/11 18:46:34 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 18:41:55 | 000,000,954 | ---- | C] () -- C:\Users\Janette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/11 18:41:55 | 000,000,948 | ---- | C] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/11 18:41:54 | 000,001,746 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
[2012/07/11 18:41:50 | 000,000,925 | ---- | C] () -- C:\Users\Janette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/07/11 18:41:48 | 000,000,959 | ---- | C] () -- C:\Users\Janette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/11 18:41:48 | 000,000,953 | ---- | C] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/11 18:13:53 | 000,000,826 | ---- | C] () -- C:\Users\Janette\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/07/11 18:13:53 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/11 16:22:25 | 3211,034,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/11 14:36:03 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 13:21:41 | 000,000,512 | ---- | C] () -- C:\Users\Janette\Documents\MBR.dat
[2012/07/10 09:37:58 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-dEXeuNYt1835dg
[2012/07/09 16:49:03 | 000,497,363 | -H-- | C] () -- C:\Users\Janette\Documents\Hero Dogs Wall2.jpg
[2012/07/09 16:48:14 | 000,498,108 | -H-- | C] () -- C:\Users\Janette\Documents\Hero dogs wall 1.jpg
[2012/07/09 08:48:29 | 003,020,274 | -H-- | C] () -- C:\Users\Janette\Documents\Oct 4 2011.JPG
[2012/06/26 16:20:40 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/22 15:13:43 | 001,380,628 | -H-- | C] () -- C:\Users\Janette\Documents\Hudson Valley Garlic Fest Poster.pdf
[2012/06/20 19:23:23 | 003,240,056 | -H-- | C] () -- C:\Users\Janette\Documents\San Francisco 1974.bmp
[2012/06/14 09:38:21 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
[2012/02/28 15:01:54 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2012/02/20 11:16:14 | 000,175,607 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/02/10 18:01:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/09 16:46:00 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2008/12/20 12:51:23 | 000,870,128 | -H-- | C] () -- C:\Users\Janette\AppData\Roaming\mcs.rma
[2008/02/07 16:15:18 | 000,000,095 | -H-- | C] () -- C:\Users\Janette\AppData\Local\fusioncache.dat
[2008/02/06 17:52:06 | 000,046,080 | ---- | C] () -- C:\Users\Janette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 10:40:29 | 000,007,324 | ---- | C] () -- C:\Users\Janette\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2008/06/18 19:02:12 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\AlwaysNeat
[2012/05/07 09:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Amazon
[2009/01/18 19:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2010/10/09 15:11:49 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Artifex Mundi
[2009/10/17 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Awem
[2010/03/19 18:21:42 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\AzuazGames
[2010/12/20 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Big Fish Games
[2008/10/09 09:32:07 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Canneverbe_Limited
[2009/02/14 10:26:30 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\CatmoonGames
[2008/06/14 12:56:12 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\cerasus.media
[2011/09/04 14:31:57 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/04 11:06:01 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/10 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Coyotes Tale
[2009/07/01 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Downloaded Installations
[2011/06/19 19:18:25 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Elephant Games
[2010/01/17 19:09:40 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Enlightenus
[2011/04/26 18:56:36 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Enlightenus2SE_BFG
[2008/02/14 10:19:48 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\EPSON
[2010/02/07 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\ERS G-Studio
[2010/01/20 11:40:42 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Flood Light Games
[2008/08/03 20:26:54 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\ForgottenRiddles2
[2010/09/18 12:13:36 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Freeze Tag
[2012/01/22 16:11:07 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\FUJIFILM
[2012/07/10 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\GameHouse
[2009/12/30 20:47:02 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\GhostFleet
[2009/01/17 20:25:02 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Harmonic Flow
[2008/11/05 13:40:22 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\InterVideo
[2012/02/09 15:06:27 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\IrfanView
[2008/06/17 19:33:18 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\iWin
[2008/11/22 20:12:43 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\iWinArcade
[2008/02/05 11:16:36 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Leadertech
[2008/02/05 10:45:48 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Lenovo
[2012/07/10 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Lost in the City
[2009/01/18 15:18:49 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Meridian93
[2009/11/20 16:58:55 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\MysteryStudio
[2009/06/22 18:18:29 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\NCH Swift Sound
[2008/02/09 15:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Opera
[2009/11/30 19:45:55 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Orneon
[2012/04/18 09:06:42 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\PCDr
[2011/09/04 12:11:52 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\PDAppFlex
[2011/10/22 17:38:51 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Peace Craft
[2011/10/22 19:39:04 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\PeaceCraft2
[2011/06/17 21:13:10 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Peachtree
[2010/09/07 19:17:33 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\PlayFirst
[2011/05/16 12:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\POV-Ray
[2012/07/12 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\PwrMgr
[2009/12/22 16:44:01 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Scholastic
[2009/02/28 19:17:37 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\SerpentOfIsis
[2010/01/29 19:44:12 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\SevenSails
[2010/09/11 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Skunk Studios
[2012/07/10 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\SpinTop
[2012/07/10 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\SystemRequirementsLab
[2012/07/10 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Thunderbird
[2009/06/20 13:03:01 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Uniblue
[2012/04/17 14:58:52 | 000,000,000 | ---D | M] -- C:\Users\Janette\AppData\Roaming\Update
[2010/07/31 16:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Vast Studios
[2008/06/23 19:24:23 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\VeniceMysteryData
[2010/09/16 14:04:40 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\Vogat Interactive
[2011/06/19 19:27:45 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\WendigoStudios
[2008/06/23 20:44:26 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\WildTangent
[2011/10/22 19:56:46 | 000,000,000 | -H-D | M] -- C:\Users\Janette\AppData\Roaming\YoudaGames
[2012/07/13 08:21:02 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/13 08:37:15 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/13 08:19:02 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
-
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:35950FAF
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:197335E4
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:CDCFEE39
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:A4ACFB14
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:0B352B60
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:C9B27A06
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:9D6EAEC3
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:72E6616C
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:9BB8C675
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:5FFC2819
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:7C4DF735
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:A31B5E9B
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:8F067037
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:EC855C73
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:51676264
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:A9ABA3FF
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:1C88C8E5
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:35FAD15D
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:123A86B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:38FF076E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A7596EAE
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1C4D3509
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:22786385
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F33C37D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AD727397
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:68EF6203
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:598E8EA1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:616D21DE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BCA198E3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F92AD177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B72F3698
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C085630F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3F2212BB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B9710577
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9BFB769D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:40EE25BB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFB24B00
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D2BD3451
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3A78F62C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B275F6A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:83ACAC73
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FD2BFC89
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DA18FD1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:66AA0486
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4249A835
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:853CCFC7
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6F1F66C0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9124CA95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8EA719EA
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:68DC65DC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F8B72C9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:40E5AD89
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:211ED887
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:23ADF89D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E3313793
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4A9220C3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9B285B76
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:6440F08B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:029300DC
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:7E0EFF7B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1A7FFE9C
< End of report >
-