# muldrop trojan got me good.



## iagoman (Nov 5, 2003)

My Toshiba laptop L300 was infected with the "trojan.agent/gen-muldrop" which knocked me out for about a week.
I ran SUPERANTISPYWARE which said it removed a threat and asked me to reboot my system, which I did, but I still was not able to log into any sites on the internet and I was always prompted to download some sort of video program, which I did not do, naturally. I finally did a system restore of my Win/XP Pro system and it appears that I am OK, for the moment.
This was a particularly nasty trojan. It would let me copy the HJT log file. When I tried to place the file on a stick drive the file contained blanks!
I now have been able to get the HJT log to the TSG site. I may have placed this request in the wrong area so please move it if need be, I'm just glad I could finally get it posted.
If you could take a look and see if there is any lingering danger I would be forever grateful.
(I am a supporting member of TSG for many years)
This is the only version of HJT I have. I can't locate a safe site for downloading the latest version.

Logfile of HijackThis v1.97.7
Scan saved at 8:36:59 PM, on 7/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\IzyMail.exe
C:\Program Files\shortkey\SHORTKEY.EXE
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\BIN\HIJACK THIS-kills adware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mycopper.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Blekko Search Bar 005 - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files\blekkotb_005\blekkotb_005X.dll (file missing)
O2 - BHO: (no name) - {65E72875-31FA-472B-8B1A-2FCDDBDAD50F} - C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\getsav-in\ie\getsav-in_1370877302.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Blekko Search Bar 005 - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files\blekkotb_005\blekkotb_005X.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ChoiceMail] "C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms (HKLM)
O9 - Extra button: Show Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar (HKLM)
O9 - Extra button: Skype Click to Call (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} (DCPForm Control 1.0.1.1) - file:///D:/activeX/DCP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.33/uploader2.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - file:///D:/activeX/aplugLiteDL.cab
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


----------



## metallica5456 (Apr 1, 2013)

Hi there, I've requested your thread be moved to the Malware Forum of this site. It is the BUSIEST forum on here so please be patient as it might take a day or so for someone to assist you.


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## iagoman (Nov 5, 2003)

Thanks Cookiegal,
You helped me a long time ago, and now I'm back with more problems.
Regrettably, (or happily), I am leaving on 7/8 for two weeks to Paris and will not attempt to run your
requests until I get back.
I'll do that as soon as we return.
Steve (Iagoman)


----------



## Cookiegal (Aug 27, 2003)

That's fine. Have a great trip.

Please post back to this thread when you return. It will remain open for 45 days after the last reply.


----------



## iagoman (Nov 5, 2003)

Hi, Made it back from Paris OK, now to try to fix the weird happenings on my laptop.
Strange things are occurring. When I go to a site, such as TSG, I get hijacked for ads. I X it out, and have to close
the tabs and the second or 3rd time I can get to the TSG site.
I did the first step and am posting the two logs as you indicated.
I have not done the d/l for GMER.exe yet. Should I wait till I hear from you before continuing?

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Steve Galkin at 18:02:00 on 2013-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2255 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\IzyMail.exe
C:\Program Files\shortkey\SHORTKEY.EXE
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.optimum.net/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.mycopper.net
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - c:\program files\lesstabs\ie32\LessTabsClientIE.dll
BHO: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - <orphaned>
BHO: getsav-in 5.0: {65E72875-31FA-472B-8B1A-2FCDDBDAD50F} - c:\documents and settings\steve galkin\local settings\application data\getsav-in\ie\getsav-in_1370877302.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\documents and settings\steve galkin\local settings\application data\defineext\temp.dat
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: GetSavin 5.0: {F19C303D-06BD-4346-98CB-DA3D2B26B021} - c:\documents and settings\steve galkin\local settings\application data\getsavin\ie\getsavin_1374794401.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ChoiceMail] "c:\progra~1\digipo~1\choice~1\ChoiceMail.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\steve galkin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
StartupFolder: c:\docume~1\steveg~1\startm~1\programs\startup\winptr.lnk - c:\windows\winptr\winptr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.33/uploader2.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224556295671
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 167.206.251.130 167.206.251.129 192.168.1.1
TCP: Interfaces\{2BE5BE75-EE9F-41A8-8D52-5FF920C654AA} : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\steve galkin\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-06-07 16:42; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2013-06-20 19:47; {739df940-c5ee-4bab-9d7e-270894ae687a}; c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-06-27 15:11; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-06-27 15:13; [email protected]db8838882.com; c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
FF - ExtSQL: 2013-07-02 09:03; {8BD43E5D-6169-4FBD-8560-41FF981862DB}; c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
FF - ExtSQL: 2013-07-02 09:03; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
FF - ExtSQL: 2013-07-25 00:00; [email protected]; c:\documents and settings\steve galkin\application data\mozilla\firefox\profiles\hjvuqfiy.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 211560]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-11-9 752128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-4-18 122000]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2012-10-13 14976]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-7-2 14528]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-7-12 3289472]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-3-6 5888]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe --> c:\program files\common files\acronis\cdp\afcdpsrv.exe [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-11-9 163232]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-6 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-7-1 45208]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2011-7-1 12952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-10-9 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-07-28 18:49:50	7143960	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33165417-6d75-467e-830c-3a766c040f74}\mpengine.dll
2013-07-27 15:22:08	7143960	------w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-26 15:15:22	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 15:15:22	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-25 23:29:02	--------	d-----w-	c:\program files\Flash Player Pro
2013-07-25 23:26:02	--------	d-----w-	c:\documents and settings\steve galkin\local settings\application data\DefineExt
2013-07-25 23:25:28	--------	d-----w-	c:\documents and settings\steve galkin\local settings\application data\getsavin
2013-07-24 12:24:14	--------	d-----w-	c:\program files\MyPC Backup
2013-07-08 22:04:19	1169609	----a-w-	c:\windows\unins001.exe
2013-07-08 22:04:09	--------	d-----w-	c:\program files\vGrabber-software
2013-07-05 23:50:47	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2013-07-05 23:50:47	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-07-02 19:36:06	--------	d-----w-	c:\documents and settings\steve galkin\local settings\application data\PackageAware
2013-07-02 13:02:38	--------	d-----w-	c:\program files\LessTabs
2013-07-02 13:02:37	--------	d-----w-	c:\program files\OApps
2013-07-02 13:02:37	--------	d-----w-	c:\program files\LyricsContainer
.
==================== Find3M ====================
.
2013-07-25 23:21:35	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-25 23:21:31	144896	----a-w-	c:\windows\system32\javacpl.cpl
2013-07-25 23:21:30	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-07-25 23:21:30	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-05 00:45:25	0	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-06-19 01:50:08	211560	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-08 03:55:44	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56:06	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56:06	43520	------w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:37:53	715038	----a-w-	c:\windows\unins000.exe
2013-06-04 07:23:02	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40:45	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-09 04:28:02	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-05-08 06:10:12	770384	----a-w-	c:\windows\system32\msvcr100.dll
2013-05-08 06:10:12	421200	----a-w-	c:\windows\system32\msvcp100.dll
2013-05-03 01:30:20	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 07:59:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
============= FINISH: 18:08:32.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2008 5:56:04 PM
System Uptime: 7/28/2013 2:37:02 PM (4 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel Pentium III Xeon processor | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 57.156 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2795 GiB total, 1927.566 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_HP&PROD_&REV_1.00\8&1A07E23F&0&MY38L1F2S99F&0
Manufacturer: (Standard disk drives)
Name: HP USB Device
PNP Device ID: USBSTOR\DISK&VEN_HP&PROD_&REV_1.00\8&1A07E23F&0&MY38L1F2S99F&0
Service: disk
.
==== System Restore Points ===================
.
RP537: 4/30/2013 10:28:49 PM - Software Distribution Service 3.0
RP538: 5/1/2013 11:55:48 PM - System Checkpoint
RP539: 5/2/2013 9:42:15 AM - Software Distribution Service 3.0
RP540: 5/2/2013 2:34:23 PM - Microsoft Antimalware Checkpoint
RP541: 5/3/2013 10:00:09 AM - Software Distribution Service 3.0
RP542: 5/4/2013 3:06:12 PM - Software Distribution Service 3.0
RP543: 5/5/2013 4:23:45 PM - System Checkpoint
RP544: 5/5/2013 9:32:58 PM - PC Health Advisor Backup
RP545: 5/5/2013 9:36:56 PM - PC Health Advisor Backup
RP546: 5/5/2013 9:51:38 PM - Software Distribution Service 3.0
RP547: 5/6/2013 10:38:25 PM - Software Distribution Service 3.0
RP548: 5/7/2013 10:55:24 PM - System Checkpoint
RP549: 5/8/2013 8:34:26 AM - Software Distribution Service 3.0
RP550: 5/8/2013 10:08:13 PM - PC Health Advisor Backup
RP551: 5/9/2013 1:55:42 PM - Software Distribution Service 3.0
RP552: 5/10/2013 2:29:23 PM - Software Distribution Service 3.0
RP553: 5/10/2013 2:51:07 PM - Unsigned printer driver EPSON Remote Print installed.
RP554: 5/11/2013 2:57:56 PM - System Checkpoint
RP555: 5/12/2013 7:56:47 AM - Software Distribution Service 3.0
RP556: 5/12/2013 9:22:34 AM - PC Health Advisor Backup
RP557: 5/13/2013 8:53:13 AM - Software Distribution Service 3.0
RP558: 5/14/2013 9:09:30 AM - Software Distribution Service 3.0
RP559: 5/15/2013 7:03:47 AM - Software Distribution Service 3.0
RP560: 5/15/2013 11:56:03 AM - Software Distribution Service 3.0
RP561: 5/15/2013 9:52:40 PM - PC Health Advisor Backup
RP562: 5/16/2013 10:00:01 PM - System Checkpoint
RP563: 5/17/2013 8:00:08 AM - Software Distribution Service 3.0
RP564: 5/17/2013 8:38:25 AM - ShortKeys Lite
RP565: 5/18/2013 9:12:55 AM - Software Distribution Service 3.0
RP566: 5/18/2013 11:28:42 AM - Software Distribution Service 3.0
RP567: 5/19/2013 11:45:02 AM - Software Distribution Service 3.0
RP568: 5/20/2013 12:15:19 PM - System Checkpoint
RP569: 5/20/2013 1:28:48 PM - Software Distribution Service 3.0
RP570: 5/21/2013 4:06:48 PM - Software Distribution Service 3.0
RP571: 5/22/2013 4:17:34 PM - System Checkpoint
RP572: 5/22/2013 9:21:06 PM - Software Distribution Service 3.0
RP573: 5/23/2013 9:43:35 PM - Software Distribution Service 3.0
RP574: 5/24/2013 9:36:06 AM - Restore Operation
RP575: 5/24/2013 9:46:05 AM - Software Distribution Service 3.0
RP576: 5/24/2013 9:49:45 AM - Software Distribution Service 3.0
RP577: 5/24/2013 10:00:01 AM - Restore Operation
RP578: 5/24/2013 11:27:39 AM - Removed Bitser Beta
RP579: 5/24/2013 11:31:36 AM - Removed Security Update for CAPICOM (KB931906)
RP580: 5/24/2013 11:14:31 PM - Software Distribution Service 3.0
RP581: 5/25/2013 11:21:27 AM - Software Distribution Service 3.0
RP582: 5/26/2013 12:07:16 PM - System Checkpoint
RP583: 5/26/2013 6:59:23 PM - Software Distribution Service 3.0
RP584: 5/27/2013 7:37:28 PM - Software Distribution Service 3.0
RP585: 5/28/2013 7:38:13 PM - System Checkpoint
RP586: 5/29/2013 9:42:49 AM - Software Distribution Service 3.0
RP587: 5/30/2013 11:11:24 AM - System Checkpoint
RP588: 5/31/2013 12:22:39 PM - Software Distribution Service 3.0
RP589: 6/1/2013 1:05:08 PM - System Checkpoint
RP590: 6/2/2013 9:02:50 AM - Software Distribution Service 3.0
RP591: 6/3/2013 9:28:57 AM - System Checkpoint
RP592: 6/3/2013 1:35:51 PM - Software Distribution Service 3.0
RP593: 6/4/2013 4:04:00 PM - System Checkpoint
RP594: 6/5/2013 8:50:41 AM - Software Distribution Service 3.0
RP595: 6/6/2013 10:05:46 AM - System Checkpoint
RP596: 6/6/2013 1:31:55 PM - Software Distribution Service 3.0
RP597: 6/7/2013 1:33:51 PM - System Checkpoint
RP598: 6/7/2013 10:14:43 PM - Software Distribution Service 3.0
RP599: 6/8/2013 10:47:09 AM - Software Distribution Service 3.0
RP600: 6/8/2013 6:17:20 PM - Installed Windows Media Player 11
RP601: 6/8/2013 6:19:20 PM - Installed Windows XP MSCompPackV1.
RP602: 6/9/2013 3:22:15 PM - Software Distribution Service 3.0
RP603: 6/10/2013 4:37:02 PM - Software Distribution Service 3.0
RP604: 6/11/2013 5:02:38 PM - System Checkpoint
RP605: 6/11/2013 9:49:02 PM - Software Distribution Service 3.0
RP606: 6/12/2013 9:03:32 PM - Software Distribution Service 3.0
RP607: 6/13/2013 7:13:51 AM - Software Distribution Service 3.0
RP608: 6/13/2013 7:55:15 AM - PC Health Advisor Backup
RP609: 6/14/2013 8:49:18 AM - System Checkpoint
RP610: 6/14/2013 9:47:53 AM - Microsoft Antimalware Checkpoint
RP611: 6/14/2013 8:58:28 PM - Software Distribution Service 3.0
RP612: 6/15/2013 7:23:32 PM - Installed Java 7 Update 21
RP613: 6/16/2013 8:22:23 AM - Software Distribution Service 3.0
RP614: 6/17/2013 8:22:52 AM - Software Distribution Service 3.0
RP615: 6/17/2013 9:21:03 AM - Installed Software Updater
RP616: 6/18/2013 9:35:24 AM - System Checkpoint
RP617: 6/18/2013 9:17:29 PM - Software Distribution Service 3.0
RP618: 6/19/2013 6:26:39 PM - Installed Java 7 Update 25
RP619: 6/20/2013 8:07:43 AM - Software Distribution Service 3.0
RP620: 6/21/2013 9:15:09 AM - Software Distribution Service 3.0
RP621: 6/21/2013 2:08:07 PM - PC Health Advisor Backup
RP622: 6/22/2013 11:04:20 AM - Software Distribution Service 3.0
RP623: 6/23/2013 12:01:41 PM - System Checkpoint
RP624: 6/23/2013 12:49:09 PM - PC Health Advisor Backup
RP625: 6/23/2013 8:50:01 PM - Software Distribution Service 3.0
RP626: 6/23/2013 10:31:04 PM - PC Health Advisor Backup
RP627: 6/25/2013 7:27:58 AM - Software Distribution Service 3.0
RP628: 6/26/2013 8:13:51 AM - Software Distribution Service 3.0
RP629: 6/26/2013 8:01:15 PM - Microsoft Antimalware Checkpoint
RP630: 6/26/2013 9:44:11 PM - PC Health Advisor Backup
RP631: 6/27/2013 8:48:21 AM - Software Distribution Service 3.0
RP632: 6/28/2013 10:43:33 AM - System Checkpoint
RP633: 6/28/2013 10:36:07 PM - Software Distribution Service 3.0
RP634: 6/29/2013 11:26:47 AM - Software Distribution Service 3.0
RP635: 6/30/2013 11:50:13 AM - System Checkpoint
RP636: 6/30/2013 10:42:02 PM - PC Health Advisor Backup
RP637: 6/30/2013 10:59:37 PM - Software Distribution Service 3.0
RP638: 7/2/2013 12:20:36 AM - System Checkpoint
RP639: 7/2/2013 7:32:58 AM - Software Distribution Service 3.0
RP640: 7/2/2013 3:32:25 PM - Removed Bonjour
RP641: 7/3/2013 3:46:13 PM - System Checkpoint
RP642: 7/4/2013 8:44:13 AM - Software Distribution Service 3.0
RP643: 7/5/2013 12:58:39 PM - Software Distribution Service 3.0
RP644: 7/5/2013 5:07:29 PM - Microsoft Antimalware Checkpoint
RP645: 7/5/2013 7:49:44 PM - Restore Operation
RP646: 7/5/2013 8:04:32 PM - Software Distribution Service 3.0
RP647: 7/6/2013 11:07:29 AM - Software Distribution Service 3.0
RP648: 7/7/2013 8:29:35 AM - PC Health Advisor Backup
RP649: 7/7/2013 10:37:18 PM - PC Health Advisor Backup
RP650: 7/8/2013 7:12:28 AM - Software Distribution Service 3.0
RP651: 7/23/2013 11:33:04 PM - Software Distribution Service 3.0
RP652: 7/24/2013 8:13:39 AM - Software Distribution Service 3.0
RP653: 7/24/2013 8:54:03 AM - Software Distribution Service 3.0
RP654: 7/24/2013 10:35:56 AM - Software Distribution Service 3.0
RP655: 7/25/2013 8:57:11 AM - Software Distribution Service 3.0
RP656: 7/25/2013 7:20:24 PM - Removed Java 7 Update 17
RP657: 7/25/2013 7:21:20 PM - Installed Java 7 Update 25
RP658: 7/26/2013 8:12:24 AM - Software Distribution Service 3.0
RP659: 7/27/2013 10:23:29 AM - System Checkpoint
RP660: 7/27/2013 11:22:06 AM - Software Distribution Service 3.0
RP661: 7/28/2013 2:49:46 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Across Lite 2.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AiO_Scan
Any Password 1.44
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoSizer
Belarc Advisor 7.2
Bing Bar
Bonjour
Camera Assistant Software for Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CD/DVD Drive Acoustic Silencer
ChoiceMail One Retail 1.600
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DAK DePopper 3.x
DAK Equalizer 2.x
DAK Wave MP3 Editor PRO v6.1b
DC-Bass Source 1.3.0
Define Ext
DirectVobSub 2.40.4209
DivX Setup
Easy-WebPrint
eFax Messenger
EPSON Attach To Email
Epson Connect
Epson Connect Printer Setup
EPSON Copy Utility 3
Epson Customer Participation
Epson Event Manager
EPSON File Manager
EPSON Perf 4490P Guide
EPSON Remote Print Uninstall
EPSON Scan
EPSON Scan Assistant
EPSON XP-400 Series Printer Uninstall
EpsonNet Print
Everything 1.2.1.371
Fences Pro
ffdshow v1.1.4399 [2012-03-22]
Flash Player Pro V5.4
Garmin Communicator Plugin
Garmin USB Drivers
GearDrvs
GetSavin
Google Chrome
Google Desktop
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
High Definition Audio Driver Package - KB888111
Holy Grail Song Splitter PRO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.2
HP LaserJet P1000 series
HP PSC & OfficeJet 4.2
HPCarePackProducts
hpmdtab
hppMSRedist
hppusgP1000
Impulse
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
iTunes
Java 7 Update 25
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LessTabs
Logitech QuickCam
LTCM Client
Macrium Reflect - Free Edition
MarketResearch
mCore
mDrWiFi
MediaWidget 5.5
Memories Disc Creator 2.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
neroxml
Netflix Movie Viewer
NexGen Media Player - a modern video player
Norton 360
Octoshape Streaming Services
OGA Notifier 2.0.0048.0
OpenSource Flash Video Splitter 1.0.0.5
ParetoLogic PC Health Advisor
PE Builder 3.1.10a
PhotoFiltre
PublicWare File Renamer
QFolder
QuickCam Drivers
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RoboForm 7-8-9-5 (All Users)
Safari
Scan
Seagate Dashboard 2.0
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SES Driver
Skype Click to Call
Skype 6.3
Software Updater
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Times Reader
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
Update for Codec Pack
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Video Downloader
Video Downloader version 2.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.5
WebFldrs XP
WinDirStat 1.1.2
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
7/26/2013 8:12:47 AM, error: PlugPlayManager [12] - The device 'PIONEER DVD-RW DVRKD08A' (IDE\CdRomPIONEER_DVD-RW__DVRKD08A________________1.51____\48_04444314c303737395739204c202020202020) disappeared from the system without first being prepared for removal.
7/25/2013 9:01:04 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/25/2013 8:50:24 AM, error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
7/25/2013 7:19:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/24/2013 9:12:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Seagate Dashboard Services service to connect.
7/24/2013 12:05:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/24/2013 10:33:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/24/2013 10:33:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
7/24/2013 10:33:23 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/24/2013 10:33:23 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please go ahead with GMER if you're able to run it.


----------



## iagoman (Nov 5, 2003)

I did run it. 
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-28 20:02:09
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB11 149.05GB
Running: gkcgwob9.exe; Driver: C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\fxtiikow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xA177D640]

---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe[3740] ntdll.dll!RtlConvertUlongToLargeInteger + 65 7C9032A3 5 Bytes JMP 00C80094 
.text C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe[3740] ntdll.dll!LdrAccessResource + 11 7C911DD1 4 Bytes CALL 00C80389 
.text C:\Program Files\Mozilla Firefox\firefox.exe[4768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A5EEB0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0206979B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 02069778 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4768] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01A64CE9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4768] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 020696F9 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm273.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----
I hope I did it correctly.


----------



## Cookiegal (Aug 27, 2003)

Sorry for the delay in replying. I'm not receiving email notifications of replies to some threads.

Please download AdwCleaner from here to your desktop.

Run AdwCleaner and select "Search" (do not select "Delete" at this time).

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## iagoman (Nov 5, 2003)

Hi Cookiegal,
I went to the ADWcleaner site. I tried d/l'ing but "Free Download Manager" pops up and I can't get by it.
Is that part of ADWCLEANER?
I have the "setup.exe" file saved 1,092 kb but when I try to execute it, that "Free Download Manager"
takes over and I don't see where AdWcleaner is at.


----------



## Cookiegal (Aug 27, 2003)

No, you don't want to use the download manager. Can you click on this link to download it?

http://www.bleepingcomputer.com/download/adwcleaner/dl/125/


----------



## iagoman (Nov 5, 2003)

# AdwCleaner v2.306 - Logfile created 07/31/2013 at 18:08:34
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve Galkin - SBGTOSHIBA
# Boot Mode : Normal
# Running from : C:\BIN\A_Temporary_DOWNLOADS\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\Conduit.xml
File Found : C:\WINDOWS\Tasks\AmiUpdXp.job
File Found : C:\WINDOWS\Tasks\LyricsContainer Update.job
Folder Found : C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\AirInstaller
Folder Found : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Found : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\NetworkService\Application Data\PriceGong
Folder Found : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\DriverCure
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\DSite
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\CT3289847
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\Steve Galkin\Application Data\SwvUpdater
Folder Found : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\getsavin
Folder Found : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\getsav-in
Folder Found : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Wajam
Folder Found : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\ParetoLogic
Folder Found : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Video Downloader
Folder Found : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Wajam
Folder Found : C:\Program Files\Common Files\ParetoLogic
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\LyricsContainer
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\ParetoLogic
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Updater By SweetPacks
Folder Found : C:\Program Files\Wajam

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.25] : keyword = "search.conduit.com",
Found [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23813525021731361&ctid=CT3289847&UM=2&sspv=TB_CH2",
Found [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN23813525021731361&sspv=TB_CH2&UM=2"

*************************

AdwCleaner[R3].txt - [7280 octets] - [31/07/2013 18:08:34]

########## EOF - C:\AdwCleaner[R3].txt - [7340 octets] ##########


----------



## iagoman (Nov 5, 2003)

That helped, as you can see.
I get ads in the middle of doing things, even at TSG, while trying to post an answer. Took three tries before I could send this note to you.
I'm about ready to scrap Win/xp and get an Apple!
Steve


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the "delete" option and post the resulting log.


----------



## iagoman (Nov 5, 2003)

# AdwCleaner v2.306 - Logfile created 07/31/2013 at 20:35:25
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve Galkin - SBGTOSHIBA
# Boot Mode : Normal
# Running from : C:\BIN\AdwCleaner cookie Gal July 2013\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\Conduit.xml
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
File Deleted : C:\WINDOWS\Tasks\LyricsContainer Update.job
Folder Deleted : C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\CT3289847
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Steve Galkin\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\getsavin
Folder Deleted : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\getsav-in
Folder Deleted : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Video Downloader
Folder Deleted : C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\LyricsContainer
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Program Files\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\prefs.js

C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.25] : keyword = "search.conduit.com",
Deleted [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23[...]
Deleted [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

*************************

AdwCleaner[R3].txt - [7409 octets] - [31/07/2013 18:08:34]
AdwCleaner[S7].txt - [7541 octets] - [31/07/2013 20:35:25]

########## EOF - C:\AdwCleaner[S7].txt - [7601 octets] ##########


----------



## iagoman (Nov 5, 2003)

For some odd reason, I can't get to "my posts" on the TSG site. I'm using my iPad to check
your posts.
What's happening? My tech world is falling apart!


----------



## Cookiegal (Aug 27, 2003)

What do you mean you can't get to your posts?


----------



## iagoman (Nov 5, 2003)

When I logged on to the TSG site and clicked on "show all my posts", nothing happened. I tried it about 3 times then went on my iPad to let you know the problem.
Now when I tried it again, it allowed me to view the posts, including this one, but every time I first get a pop-up ad for one thing or another. I have to close the ad and usually I can get back to the posts. This happens all the time when I go to any site.
I'm pretty cautious about visiting sites. I only go to a few that I've been using for years. I NEVER open attachments or go to links in emails, but apparently some bugs get me. 
Even while typing this post, I wanted to correct a word and when I went to that word (every time), a pop-up ad appeared.


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## iagoman (Nov 5, 2003)

I will do all those tasks later tonight.
As for the "show my posts"...That was my error. I didn't notice that the menu for "show my posts" was open.
Usually I have to click on the search button and go to the drop-down menu. 
Sorry if I misled you. I appreciate the TSG help. You are great!
S.


----------



## Cookiegal (Aug 27, 2003)

No problem at all.


----------



## iagoman (Nov 5, 2003)

Hi again,
I tried d/l from the url site you sent. I get to the Combofix site, click on download and then a pop-up appears for "cloudmark" or some other ad. I "x" out the ad which brings me back to TSG and the URL link you sent. I click it again and try to D/L the Combofix file and again, the pop-up takes over and the file never downloads.
Help!


----------



## Cookiegal (Aug 27, 2003)

Try running this program first:

Download and run the following tool to help allow other programs to run. _(Courtesy of BleepingComputer.com)_
There are 4 different versions. If one of them won't run then download and try to run the other one. Do not reboot after running this program.

Vista and Win7 users need to right click and choose *Run as Admin* 
*You only need to get one of them to run, not all of them.*

rkill.exe
rkill.com
rkill.scr

Do NOT reboot the machine after doing the above and then see if you can run ComboFix.


----------



## iagoman (Nov 5, 2003)

I finally was able to get the combofix file d/l'd.
I followed all your & their instructions and it seems to have finished in about 20 minutes. Here is the log...
ComboFix 13-08-01.01 - Steve Galkin 08/01/2013 22:09:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2045 [GMT -4:00]
Running from: c:\documents and settings\Steve Galkin\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Steve Galkin\g2mdlhlpx.exe
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\teMP.dat
c:\windows\system32\SET87.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET97.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-01 18:27 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8883FFE-1215-4410-85EC-9B10875D6AC7}\mpengine.dll
2013-07-30 03:24 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 15:15 . 2013-08-01 13:07	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 15:15 . 2013-08-01 13:07	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-25 23:29 . 2013-07-25 23:29	--------	d-----w-	c:\program files\Flash Player Pro
2013-07-25 23:26 . 2013-08-02 02:14	--------	d-----w-	c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt
2013-07-24 12:24 . 2013-07-25 12:50	--------	d-----w-	c:\program files\MyPC Backup
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\Steve Galkin\Application Data\Yahoo!
2013-07-08 22:04 . 2013-07-08 22:00	1169609	----a-w-	c:\windows\unins001.exe
2013-07-08 22:04 . 2013-07-08 22:04	--------	d-----w-	c:\program files\vGrabber-software
2013-07-05 23:50 . 2013-07-05 23:50	--------	d-----w-	c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 23:21 . 2013-06-19 22:27	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-25 23:21 . 2013-06-19 22:27	144896	----a-w-	c:\windows\system32\javacpl.cpl
2013-07-25 23:21 . 2012-10-04 22:26	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-07-25 23:21 . 2010-05-14 01:40	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-05 00:45 . 2013-06-27 19:13	0	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-06-19 01:50 . 2009-06-18 22:48	211560	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-14 20:45 . 2013-06-14 20:44	8281168	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-06-08 03:55 . 2008-03-07 01:15	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56 . 2008-03-07 01:16	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2008-03-07 01:15	43520	------w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2008-03-07 01:15	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:37 . 2013-06-07 20:37	715038	----a-w-	c:\windows\unins000.exe
2013-06-04 07:23 . 2008-03-07 01:15	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-03-07 01:16	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 02:47	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-05-08 06:10 . 2011-06-11 05:58	770384	----a-w-	c:\windows\system32\msvcr100.dll
2013-05-08 06:10 . 2011-06-11 05:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail"="c:\progra~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe" [2003-04-08 1772032]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-01-29 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 4760816]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
.
c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\
WinPtr.lnk - c:\windows\WINPTR\winptr.exe [2008-10-20 263168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2011-01-19 279912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Galkin^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-26 00:41	413696	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2007-04-14 02:16	311296	----a-w-	c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 23:36	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-11-23 17:40	126976	----a-w-	c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-20 11:37	116648	----atw-	c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 18:34	162328	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 22:44	178712	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 18:34	141848	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 21:13	1101824	----a-w-	c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 21:18	995328	----a-w-	c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 21:23	191552	----a-w-	c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 13:39	98304	----a-w-	c:\program files\Common Files\Logitech\QCDriver\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-06-20 21:25	995176	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 18:34	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 22:47	16859648	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-15 16:05	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 00:20	1024000	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2008-03-04 19:12	360448	----a-w-	c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-20 14:13	273544	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2007-10-08 20:02	262144	----a-w-	c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uploader]
2012-07-02 16:35	120496	----a-w-	c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\IzyMail.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TOSHIBA\\Windows Utilities\\TACSPROP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Documents and Settings\\Steve Galkin\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Epson Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [11/9/2010 9:51 AM 752128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [4/18/2013 5:36 PM 122000]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/13/2012 8:32 PM 14976]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [7/2/2012 12:33 PM 14528]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/12/2013 2:37 PM 3289472]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 4:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 4:15 PM 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [3/6/2008 10:30 PM 5888]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsle4b479c0;MpKsle4b479c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8883FFE-1215-4410-85EC-9B10875D6AC7}\MpKsle4b479c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8883FFE-1215-4410-85EC-9B10875D6AC7}\MpKsle4b479c0.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe --> c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/9/2010 9:51 AM 163232]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/6/2008 11:00 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/1/2011 12:55 PM 45208]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [7/1/2011 12:56 PM 12952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/9/2012 11:58 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 13:07]
.
2013-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-08-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 00:47]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2012-10-03 c:\windows\Tasks\My Backup xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-01 c:\windows\Tasks\My Backup(5) xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-01 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-03-07 00:12]
.
2012-10-24 c:\windows\Tasks\Steve Galkin DBAgent 2 0.job
- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-07-02 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: ameritrade.com\wwws
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\
FF - ExtSQL: 2013-06-07 16:42; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-06-27 15:13; [email protected]db8838882.com; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
FF - ExtSQL: 2013-07-02 09:03; {8BD43E5D-6169-4FBD-8560-41FF981862DB}; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
FF - ExtSQL: 2013-07-02 09:03; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-07-25 00:00; [email protected]; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{65E72875-31FA-472B-8B1A-2FCDDBDAD50F} - c:\documents and settings\Steve Galkin\Local Settings\Application Data\getsav-in\ie\getsav-in_1370877302.dll
BHO-{F19C303D-06BD-4346-98CB-DA3D2B26B021} - c:\documents and settings\Steve Galkin\Local Settings\Application Data\getsavin\ie\getsavin_1374794401.dll
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Cobian Backup 8 interface - c:\program files\Cobian Backup 8\cbInterface.exe
MSConfigStartUp-EEventManager - c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
MSConfigStartUp-TFncKy - TFncKy.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-WD Quick View - c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
AddRemove-GetSavin - c:\documents and settings\Steve Galkin\Local Settings\Application Data\getsavin\uninst.exe
AddRemove-{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} - c:\program files\ParetoLogic\PCHA\uninstall.exe
AddRemove-DSite - c:\documents and settings\Steve Galkin\Application Data\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-01 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(6104)
c:\windows\system32\WININET.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\DIGIPO~1\CHOICE~1\IzyMail.exe
.
**************************************************************************
.
Completion time: 2013-08-01 22:24:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 02:24
.
Pre-Run: 62,495,584,256 bytes free
Post-Run: 64,485,183,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 156496F4CDFC99649A1FF2C1C564D472
09CE7397AF23D4C0B331B89D0297CC7E


----------



## iagoman (Nov 5, 2003)

Things are much better. I'm not getting all those pop-up ads anymore and my system is working normally.
Do you have to review the log and make any additional changes?
I am not doing anything else to the laptop.
FYI, I have been running the free version of SuperAntispyware for years. I have been running it lately on a daily basis and it's always finding a lot of tracking cookies, some of which it deletes and others that it quarantines. It only found that MULDROP virus a few weeks ago and removed it.
My wife and I are planning a Canada trip in the near future... We'll toast you when we get to Quebec (my Dad was from Montreal & graduated from McGill Dental School in 1936).
Thanks again.
S.


----------



## Cookiegal (Aug 27, 2003)

That's great that you're coming to Quebec. I hope you will enjoy your trip. 

Before I post a fix using ComboFix, please answer the following:

Did you have Ad-Aware installed and then decided to remove it? I ask because there are remnants left over that I will be removing with ComboFix.

Do you know why this is in the scheduled tasks?

2013-08-01 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-03-07 00:12]

Did you add this site to the Trusted Zone intentionally?

Trusted Zone: ameritrade.com\wwws

Lastly, please do the following:

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to the following file then click *Open* 

```
c:\windows\WINPTR\winptr.exe
```

Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## iagoman (Nov 5, 2003)

The shut-down is scheduled for 1AM. I do a complete system backup using Macrium software. It starts at 11PM and takes about 45 minutes to complete. The laptop then shuts down at 1AM. Works very well.
Ad-Aware was once used. It can be zapped.
The Ameritrade is OK, it's only accessed by my wife, on her laptop but once in a while she uses my pc to get to the site. She is a day-trader and is on-line with Ameritrade for 9hrs a day! (Not on my laptop).
I'll look for your response, then do the tasks you specified.


----------



## Cookiegal (Aug 27, 2003)

Thanks for answering my questions.

I'm still waiting for you to scan that file though at Virus Total and post the URL to the results please.


----------



## iagoman (Nov 5, 2003)

https://www.virustotal.com/en/file/...f44d6a5cf0e5bafd0608c341171c8b49f88/analysis/

I know this file (WINPTR). I've used it for about 8 years. It's a simple screen-capture prog that I love. It won't work on Win7, so when I eventually go there, it will be gone.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.

I would recommend uninstalling these via the Control Panel - Add or Remove Programs:

Video Downloader
Video Downloader version 2.0

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\program files\MyPC Backup
c:\program files\vGrabber-software
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt
c:\program files\Flash Player Pro
c:\program files\Lavasoft

File::
c:\windows\unins001.exe
c:\windows\system32\DRIVERS\Lbd.sys

Driver::
Lbd
Lavasoft Kernexplorer

Firefox::
FF - ProfilePath - c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\
FF - ExtSQL: 2013-06-27 15:13; 9518042e-7ad6-4dac-b377-056e28d00c8f...8db8838882.com; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
FF - ExtSQL: 2013-07-02 09:03; {8BD43E5D-6169-4FBD-8560-41FF981862DB}; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
FF - ExtSQL: 2013-07-25 00:00; [email protected]; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## iagoman (Nov 5, 2003)

I can't seem to copy all the text. Data to the right side gets truncated and I can't expand the sides.


----------



## Cookiegal (Aug 27, 2003)

Isn't there a scroll bar at the bottom?

You should be able to drag your mouse across the text. Just be sure to drag it to the extreme right to get everything in. When doing that, the scroll bar should move over to the extreme right side.


----------



## iagoman (Nov 5, 2003)

I did do that. The scroll bar doesn't move. Can you post that box with all data showing?


----------



## Cookiegal (Aug 27, 2003)

No, I can't do that, but I am uploading it as an attachment. It will already be the CFScript.txt file, so just save it to your desktop and then drag it into ComboFix to run it.


----------



## iagoman (Nov 5, 2003)

All went well. I dropped that file into the "puppy.exe" file and combofix ran for about 15 minutes.
Here is the log.

ComboFix 13-08-01.01 - Steve Galkin 08/03/2013 10:05:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2274 [GMT -4:00]
Running from: c:\documents and settings\Steve Galkin\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Steve Galkin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\unins001.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\.build
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\.user
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\eula.txt
c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\uninst.exe
c:\program files\Flash Player Pro
c:\program files\Flash Player Pro\Flash Player Pro.exe
c:\program files\Flash Player Pro\FlashActivex.exe
c:\program files\Flash Player Pro\help.chm
c:\program files\Flash Player Pro\Homepage.url
c:\program files\Flash Player Pro\unins000.dat
c:\program files\Flash Player Pro\unins000.exe
c:\program files\MyPC Backup
c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_LBD
-------\Service_Lavasoft Kernexplorer
-------\Service_Lbd
.
.
(((((((((((((((((((((((((  Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-08-03 12:00 . 2013-08-03 12:04	--------	d-----w-	c:\windows\system32\MRT
2013-08-03 02:45 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE5208DF-9604-4B98-988C-0D9297194EED}\mpengine.dll
2013-08-02 02:28 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 15:15 . 2013-08-01 13:07	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 15:15 . 2013-08-01 13:07	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\Steve Galkin\Application Data\Yahoo!
2013-07-05 23:50 . 2013-07-05 23:50	--------	d-----w-	c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 23:21 . 2013-06-19 22:27	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-25 23:21 . 2013-06-19 22:27	144896	----a-w-	c:\windows\system32\javacpl.cpl
2013-07-25 23:21 . 2012-10-04 22:26	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-07-25 23:21 . 2010-05-14 01:40	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-05 00:45 . 2013-06-27 19:13	0	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-06-19 01:50 . 2009-06-18 22:48	211560	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-14 20:45 . 2013-06-14 20:44	8281168	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-06-08 03:55 . 2008-03-07 01:15	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56 . 2008-03-07 01:16	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2008-03-07 01:15	43520	------w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2008-03-07 01:15	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:37 . 2013-06-07 20:37	715038	----a-w-	c:\windows\unins000.exe
2013-06-04 07:23 . 2008-03-07 01:15	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-03-07 01:16	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 02:47	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-05-08 06:10 . 2011-06-11 05:58	770384	----a-w-	c:\windows\system32\msvcr100.dll
2013-05-08 06:10 . 2011-06-11 05:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail"="c:\progra~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe" [2003-04-08 1772032]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-01-29 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 4760816]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
.
c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\
WinPtr.lnk - c:\windows\WINPTR\winptr.exe [2008-10-20 263168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2011-01-19 279912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Galkin^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-26 00:41	413696	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2007-04-14 02:16	311296	----a-w-	c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 23:36	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-11-23 17:40	126976	----a-w-	c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-20 11:37	116648	----atw-	c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 18:34	162328	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 22:44	178712	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 18:34	141848	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 21:13	1101824	----a-w-	c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 21:18	995328	----a-w-	c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 21:23	191552	----a-w-	c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 13:39	98304	----a-w-	c:\program files\Common Files\Logitech\QCDriver\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-06-20 21:25	995176	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 18:34	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 22:47	16859648	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-15 16:05	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 00:20	1024000	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2008-03-04 19:12	360448	----a-w-	c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-20 14:13	273544	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2007-10-08 20:02	262144	----a-w-	c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uploader]
2012-07-02 16:35	120496	----a-w-	c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\IzyMail.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TOSHIBA\\Windows Utilities\\TACSPROP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Documents and Settings\\Steve Galkin\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Epson Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [11/9/2010 9:51 AM 752128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [4/18/2013 5:36 PM 122000]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/13/2012 8:32 PM 14976]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [7/2/2012 12:33 PM 14528]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/12/2013 2:37 PM 3289472]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 4:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 4:15 PM 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [3/6/2008 10:30 PM 5888]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S1 MpKsl2be95743;MpKsl2be95743;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE5208DF-9604-4B98-988C-0D9297194EED}\MpKsl2be95743.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE5208DF-9604-4B98-988C-0D9297194EED}\MpKsl2be95743.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe --> c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/9/2010 9:51 AM 163232]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/6/2008 11:00 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/1/2011 12:55 PM 45208]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [7/1/2011 12:56 PM 12952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/9/2012 11:58 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 13:07]
.
2013-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 00:47]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2012-10-03 c:\windows\Tasks\My Backup xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-03 c:\windows\Tasks\My Backup(5) xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-03 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-03-07 00:12]
.
2012-10-24 c:\windows\Tasks\Steve Galkin DBAgent 2 0.job
- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-07-02 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: ameritrade.com\wwws
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\
FF - ExtSQL: 2013-06-07 16:42; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-06-27 15:13; [email protected]db8838882.com; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
FF - ExtSQL: 2013-07-02 09:03; {8BD43E5D-6169-4FBD-8560-41FF981862DB}; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
FF - ExtSQL: 2013-07-02 09:03; lesstabs[email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-07-25 00:00; [email protected]; c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Flash Player Pro_is1 - c:\program files\Flash Player Pro\unins000.exe
AddRemove-Define Ext - c:\documents and settings\Steve Galkin\Local Settings\Application Data\DefineExt\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-03 10:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\xpsp3res.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\DIGIPO~1\CHOICE~1\IzyMail.exe
.
**************************************************************************
.
Completion time: 2013-08-03 10:21:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-03 14:21
ComboFix2.txt 2013-08-02 02:24
.
Pre-Run: 64,247,033,856 bytes free
Post-Run: 64,297,594,880 bytes free
.
- - End Of File - - 45409867CF666329CA555E1FDD4A5310
09CE7397AF23D4C0B331B89D0297CC7E


----------



## Cookiegal (Aug 27, 2003)

I see you're using Macrium Reflect. Why did you not just restore an image of your computer using that program when you started having problems?


----------



## iagoman (Nov 5, 2003)

I ask myself the same question. Why... Stupidity?
Actually, I have never restored the entire system. Sorta nervous about trying it.
Thanks again for your time and successful effort in getting me back to normal.
Merci beaucoup!
Steveg


----------



## Cookiegal (Aug 27, 2003)

It's because the program isn't of much use to you if you don't plan on using it. 

But we can continue if you wish.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## iagoman (Nov 5, 2003)

OTL logfile created on: 8/3/2013 12:06:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.66% Memory free
4.83 Gb Paging File | 4.30 Gb Available in Paging File | 89.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 59.83 Gb Free Space | 42.50% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2334.67 Gb Free Space | 83.54% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/03 12:05:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
PRC - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/13 15:24:22 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2009/01/29 14:25:55 | 000,131,072 | ---- | M] (South Bay Software) -- C:\Program Files\AutoSizer\AutoSizer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE

========== Modules (No Company Name) ==========

MOD - [2013/07/24 09:18:42 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a32eed29f25d7d4ea0bfa1e7e5489ba2\System.WorkflowServices.ni.dll
MOD - [2013/07/24 09:18:00 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9c0f2fa6d0dd670512e52db959e8eaa6\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/24 09:17:59 | 001,141,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\77a9a63f46176d6e8ef53ac220012ebd\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/24 09:17:58 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\84eb08a79334a22f4d49bd1c5b783f7c\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/24 09:17:36 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/24 09:17:35 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fef870c310e8117fcd348efe354052fc\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/24 09:17:29 | 001,078,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4cf6be9712d6940838585e4a70efdb4\System.IdentityModel.ni.dll
MOD - [2013/07/24 09:17:27 | 018,101,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a6bd2f8159d0a7f364f4b34fb2123e01\System.ServiceModel.ni.dll
MOD - [2013/07/24 09:17:01 | 001,076,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\54dc28b359a5912bd870de05402a4ab8\System.ServiceModel.Web.ni.dll
MOD - [2013/07/24 09:00:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/24 08:59:55 | 001,926,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\33bab1a4c3f9d76a8fc9df83aa3bb73f\System.Web.Services.ni.dll
MOD - [2013/07/24 08:59:30 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/24 08:59:28 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/24 08:59:26 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/24 08:59:24 | 002,646,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/24 08:58:06 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/24 08:52:52 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/24 08:52:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/24 08:52:07 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/24 08:51:53 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/24 08:51:50 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/24 08:51:45 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/24 08:51:40 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/24 08:51:24 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2009/01/29 14:25:55 | 000,086,016 | ---- | M] () -- C:\Program Files\AutoSizer\AutoSizer.dll
MOD - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 17:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE
MOD - [1999/05/07 14:20:06 | 000,029,184 | ---- | M] () -- C:\Program Files\shortkey\SHTK95HK.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/08/01 09:07:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/28 09:48:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE5208DF-9604-4B98-988C-0D9297194EED}\MpKsl2be95743.sys -- (MpKsl2be95743)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\puppy\catchme.sys -- (catchme)
DRV - [2011/08/04 09:28:13 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:28:13 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/01 12:56:02 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter)
DRV - [2010/11/11 21:36:32 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/11 21:36:17 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/11/11 21:36:15 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/11 21:36:06 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/30 14:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/01/04 02:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/27 14:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 18:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B8BD43E5D-6169-4FBD-8560-41FF981862DB%7D:1.5
FF - prefs.js..extensions.enabledAddons: lesstabs%40lesstabs.com:1.7.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/20 10:14:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/05/13 15:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/07 16:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013/07/28 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/28 09:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/28 09:47:59 | 000,000,000 | ---D | M]

[2010/11/05 09:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Extensions
[2013/07/31 20:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions
[2013/03/24 15:27:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/06/21 11:25:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/02 09:03:00 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
[2013/07/27 09:12:59 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
[2013/07/25 19:25:48 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/06/10 11:23:33 | 000,000,000 | ---D | M] (getsav-in) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/07/25 19:26:06 | 000,000,000 | ---D | M] (Define Ext) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2012/02/06 10:56:59 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/07/27 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode
[2011/12/21 19:57:23 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/28 09:47:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/28 09:47:49 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/28 09:47:54 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:48:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/20 15:47:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/03/07 09:34:46 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: LessTabs = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.2.0_0\
CHR - Extension: Define Ext = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: GetSavin = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

O1 HOSTS File: ([2013/08/03 10:14:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoSizer] C:\Program Files\AutoSizer\AutoSizer.exe (South Bay Software)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Startup\WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe (Silent O Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.33/uploader2.cab (UploadListView Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671 (WUWebControl Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE5BE75-EE9F-41A8-8D52-5FF920C654AA}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 21:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/03 12:05:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/03 08:00:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/01 22:05:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/01 22:03:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/01 22:03:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/01 22:03:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/01 22:03:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/01 22:00:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/01 22:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/01 21:59:03 | 005,097,176 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve Galkin\Desktop\puppy.exe
[2013/08/01 21:49:50 | 001,847,424 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve Galkin\Desktop\rkill.exe
[2013/07/29 10:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Desktop\New Folder
[2013/07/28 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/26 11:15:22 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/26 11:15:22 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/25 19:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/07/25 19:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro
[2013/07/25 19:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Define Ext
[2013/07/25 19:21:57 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/24 08:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/07/24 08:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Application Data\Yahoo!
[2013/07/04 12:58:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/03 12:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/03 12:06:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/03 12:06:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/03 12:05:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/03 12:01:44 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2013/08/03 11:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/03 11:47:59 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\My Backup(5) xml.job
[2013/08/03 11:24:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/03 11:23:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
[2013/08/03 10:52:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/03 10:14:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/03 10:13:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/03 10:13:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/03 10:13:31 | 3210,698,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/03 07:55:06 | 000,837,126 | ---- | M] () -- C:\Everything.db
[2013/08/03 01:00:04 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\shutdown.job
[2013/08/01 22:05:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/01 21:59:12 | 005,097,176 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve Galkin\Desktop\puppy.exe
[2013/08/01 21:49:52 | 001,847,424 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve Galkin\Desktop\rkill.exe
[2013/08/01 13:23:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
[2013/08/01 09:07:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/01 09:07:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/28 20:33:24 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/27 07:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/25 19:29:08 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Flash Player Pro.lnk
[2013/07/25 19:21:35 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/25 19:21:31 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/25 19:21:31 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/25 19:21:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/07/25 19:21:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/25 09:50:45 | 000,000,925 | ---- | M] () -- C:\0
[2013/07/24 10:38:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/24 10:04:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/07/24 09:10:35 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/24 08:49:49 | 000,525,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/24 08:49:49 | 000,097,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/24 08:45:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/24 00:49:36 | 000,103,861 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:34 | 000,367,448 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 15:09:53 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Google.url
[2013/07/08 11:36:28 | 000,126,026 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf
[2013/07/05 23:05:55 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\spider.sav
[2013/07/05 22:10:33 | 000,095,299 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\New Yorker Humor.jpg
[2013/07/04 20:45:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 07:55:06 | 000,837,126 | ---- | C] () -- C:\Everything.db
[2013/08/01 22:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/01 22:05:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/01 22:03:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/01 22:03:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/01 22:03:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/01 22:03:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/01 22:03:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/28 20:33:24 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/26 16:37:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/07/26 11:15:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/25 19:29:08 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\Flash Player Pro.lnk
[2013/07/24 00:49:36 | 000,103,861 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:32 | 000,367,448 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 11:36:27 | 000,126,026 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf
[2013/07/05 22:10:33 | 000,095,299 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\New Yorker Humor.jpg
[2013/07/04 20:43:41 | 3210,698,752 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/17 16:37:11 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\WBPU-TTL.DAT
[2013/06/14 16:37:40 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/06/07 16:38:29 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/07 16:38:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/07 16:38:16 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/07 16:38:11 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/06/07 16:37:56 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/06/07 16:37:55 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/06/07 16:37:55 | 000,001,796 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/04/20 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/04/18 17:31:30 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2012/10/14 09:29:51 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/13 20:32:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/10/13 20:32:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/10/13 20:31:58 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/05 01:01:39 | 000,525,259 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-454583010-175260030-2287809055-1005-0.dat
[2012/10/04 18:28:17 | 000,276,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 08:39:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/23 19:00:21 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\.recently-used.xbel
[2010/08/20 20:48:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\fusioncache.dat
[2008/11/16 11:20:42 | 000,039,739 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft Excel.ADR
[2008/10/30 10:58:35 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Comma Separated Values (Windows).ADR
[2008/10/20 22:11:35 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/06 21:52:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 8/3/2013 12:06:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.66% Memory free
4.83 Gb Paging File | 4.30 Gb Available in Paging File | 89.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 59.83 Gb Free Space | 42.50% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2334.67 Gb Free Space | 83.54% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe:*:Enabled:ChoiceMail WebMail Server - using IzyMail technology -- (IzySoft)
"C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe:*:Enabled:ChoiceMail -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mshta.exe" = C:\WINDOWS\system32\mshta.exe:*:Enabled-Link Setup Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe" = C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe:*:Enabled:Epson Connect Printer Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F56519-91DF-4D42-A36D-3D4BCA0B8329}" = DAK Wave MP3 Editor PRO v6.1b
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB912177-24CC-4AEE-8329-97D7ACD125D4}" = Macrium Reflect - Free Edition
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F87607CB-BCC7-4263-8F05-F901097BF956}" = Holy Grail Song Splitter PRO
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-9-5 (All Users)
"Any Password_is1" = Any Password 1.44
"AutoSizer" = AutoSizer
"Belarc Advisor" = Belarc Advisor 7.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ChoiceMail One Retail 1.600" = ChoiceMail One Retail 1.600
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"CSCLIB" = Canon Camera Support Core Library
"DAKDePopper3" = DAK DePopper 3.x
"DAKEqualizer2" = DAK Equalizer 2.x
"DC-Bass Source" = DC-Bass Source 1.3.0
"DivX Setup" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Remote Print" = EPSON Remote Print Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"Everything" = Everything 1.2.1.371
"Fences Pro" = Fences Pro
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LessTabs" = LessTabs
"LTCM Client" = LTCM Client
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NexGen Media Player" = NexGen Media Player - a modern video player
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoFiltre" = PhotoFiltre
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"PublicWare File Renamer" = PublicWare File Renamer
"QCDrivers" = QuickCam Drivers
"Quick Search Box" = Google Quick Search Box
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Silent Package Run-Time Sample" = EPSON Perf 4490P Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"vsfilter_is1" = DirectVobSub 2.40.4209
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2013 1:05:55 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/25/2013 7:33:59 PM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application optimizerpro.exe, version 3.0.1.0, faulting module
kernel32.dll, version 5.1.2600.6293, fault address 0x0000a300.

Error - 7/25/2013 7:34:12 PM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket -705334370.

Error - 7/25/2013 8:35:21 PM | Computer Name = SBGTOSHIBA | Source = Microsoft Management Console | ID = 1000
Description =

Error - 7/25/2013 8:35:25 PM | Computer Name = SBGTOSHIBA | Source = Microsoft Management Console | ID = 1001
Description =

Error - 7/26/2013 11:27:09 AM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2013 11:27:14 AM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/1/2013 2:24:05 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/1/2013 10:03:48 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/3/2013 10:04:18 AM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 8/2/2013 8:33:29 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/3/2013 7:52:40 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 7:52:40 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 7:52:40 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/3/2013 7:52:53 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/3/2013 9:57:23 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/3/2013 10:11:32 AM | Computer Name = SBGTOSHIBA | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_LAVASOFT_KERNEXPLORER\0000 disappeared from
the system without first being prepared for removal.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what's in this folder please?

C:\0

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
[2013/07/27 09:12:59 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com
[2013/07/25 19:25:48 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/06/10 11:23:33 | 000,000,000 | ---D | M] (getsav-in) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/07/25 19:26:06 | 000,000,000 | ---D | M] (Define Ext) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2013/07/28 09:47:49 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/12/20 15:47:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
CHR - default_search_provider: Conduit (Enabled)
CHR - Extension: Define Ext = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: GetSavin = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
[2013/07/25 19:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/07/25 19:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro
[2013/07/25 19:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Define Ext
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2013/07/25 19:29:08 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Flash Player Pro.lnk
```

Then click the *Run Fix* button at the top.
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## iagoman (Nov 5, 2003)

Once again, I can't Ctrl+A on the box. Can you send it as an attachment, like the last one?

The folder at C:\0 I deleted it. It had something to do with my iPhone pictures that I took in Paris.
See Below.


----------



## Cookiegal (Aug 27, 2003)

You can't do Ctrl+A on a code box but you just need to drag your mouse over it to copy the text. This is how we generally do it. Just left click at the top left of the box and hold the button down and drag it to the bottom and over to the far right. That will highlight the text. Then right-click the highlighted text and select "copy".


----------



## iagoman (Nov 5, 2003)

I do know how to do that, but when I drag it to the right, it doesn't pick up the data to the right.
I tried pasting it to a .txt file to see if it's all there...It's not.
Everything past the right edge of the box is not picked up.


----------



## Cookiegal (Aug 27, 2003)

Here you go.


----------



## iagoman (Nov 5, 2003)

tks, here is the log.

========== OTL ==========
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\skin folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\locale\en-US folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\locale folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\defaults folder moved successfully.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode scheduled to be moved on reboot.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\core folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\api folder moved successfully.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com scheduled to be moved on reboot.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsavin\tests folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsavin\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsavin\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsavin folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsav-in\tests folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsav-in\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsav-in\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\getsav-in folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\gy[email protected]\resources\api-utils\lib\events\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib\.svn folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\text-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\props folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\prop-base folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data\.svn\tmp folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]\resources\addon-kit\data\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0 folder moved successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro folder moved successfully.
C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro\Favorites\Games folder moved successfully.
C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro\Favorites\Cartoon folder moved successfully.
C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro\Favorites folder moved successfully.
C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro\Download folder moved successfully.
C:\Documents and Settings\Steve Galkin\My Documents\Flash Player Pro folder moved successfully.
C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Define Ext folder moved successfully.
C:\WINDOWS\003004_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Steve Galkin\Desktop\Flash Player Pro.lnk moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 08032013_181254

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content\extensionCode scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]db8838882.com scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

That's good.


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## iagoman (Nov 5, 2003)

RogueKiller ran with no problems.

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Steve Galkin [Admin rights]
Mode : Scan -- Date : 08/03/2013 22:40:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX +++++
--- User ---
[MBR] bbc23a02a4a374aa1e31c50e952ab14f
[BSP] 3e1d18128a29e98c4b7a9b4c88119772 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144145 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 295210440 | Size: 8479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08032013_224043.txt >>


----------



## Cookiegal (Aug 27, 2003)

That looks good.

How are things with the system now?


----------



## iagoman (Nov 5, 2003)

Working well, but my DVDs don't play and auto-run doesn't work. I checked on the TSG site for a DVD player.
"CLIPREX" and "VLC" were recommended. Any thoughts on that?
Steve


----------



## Cookiegal (Aug 27, 2003)

They probably do work but autoruns was disabled by ComboFix as I stated when I gave the instructions to run it:

"ComboFix also prevents autorun of ALL CDs, floppies and USB devices..."

You just need to launch them manually by clicking on the CD/DVD drive and clicking on the item to run it. Autorun is a security risk but we can restore it with a registry fix if you wish.


----------



## iagoman (Nov 5, 2003)

Can you give me the fix and I can run it if I decide I want it?
Other than that, all is good.
I will be sending some $$ to Combofix, Roguekiller and to TSG (again), you're all worth it!
Steve


----------



## Cookiegal (Aug 27, 2003)

I'm attaching the registry fix to restore the autoruns function. It's a zipped file so you need to save it to your desktop and then unzip it (extract the file). Then double-click on the FixAutorun.reg file and allow it to merge into the registry.

Thank you for your kind donations to ComboFix, RogueKiller and TSG! That is extremely generous of you and certainly very much appreciated by all parties. :up:

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## iagoman (Nov 5, 2003)

Hi Cookiegal,

1. Uninstalled Combofix
2. Ran Superantispyware (to get rid of harmless cookies)
3. Turned off sys restore, re-booted and turned it back on.
4. Created new restore point
5. Had a drink to celebrate!
6. Off to PayPal


----------



## Cookiegal (Aug 27, 2003)

iagoman said:


> 5 Had a drink to celebrate!


LOL! It might have been wise to wait until after no. 6. 

But seriously, thank you very much again.


----------



## iagoman (Nov 5, 2003)

Something's not right!
I donated at TSG via PayPal, that went OK.
I used Google to get to Combofix.com and I get sent to 
http/:shop.sprint.com/myprintshop........etc.
I then keyed it directly and was taken to a different site.
Do I still have a virus?
Steve


----------



## Cookiegal (Aug 27, 2003)

Combofix.com is NOT affiliated with ComboFix in any way. There is a link to PayPal to donate to the developer of ComboFix on the Bleeping Computer page where you download it and also in the tool itself, I believe. It looks like you got yourself reinfected. Hopefully it's just an advertisement with a rogue add-on or extension.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## iagoman (Nov 5, 2003)

OTL logfile created on: 8/4/2013 5:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 72.00% Memory free
4.83 Gb Paging File | 4.06 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 69.02 Gb Free Space | 49.03% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2265.23 Gb Free Space | 81.06% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 17:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
PRC - [2013/07/28 09:48:42 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/15 21:52:27 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/13 15:24:22 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2009/01/29 14:25:55 | 000,131,072 | ---- | M] (South Bay Software) -- C:\Program Files\AutoSizer\AutoSizer.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
PRC - [2003/03/28 14:50:06 | 000,111,616 | ---- | M] (IzySoft) -- C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe
PRC - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE

========== Modules (No Company Name) ==========

MOD - [2013/07/28 09:48:12 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/24 09:18:42 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a32eed29f25d7d4ea0bfa1e7e5489ba2\System.WorkflowServices.ni.dll
MOD - [2013/07/24 09:18:00 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9c0f2fa6d0dd670512e52db959e8eaa6\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/24 09:17:59 | 001,141,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\77a9a63f46176d6e8ef53ac220012ebd\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/24 09:17:58 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\84eb08a79334a22f4d49bd1c5b783f7c\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/24 09:17:36 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/24 09:17:35 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fef870c310e8117fcd348efe354052fc\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/24 09:17:29 | 001,078,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4cf6be9712d6940838585e4a70efdb4\System.IdentityModel.ni.dll
MOD - [2013/07/24 09:17:27 | 018,101,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a6bd2f8159d0a7f364f4b34fb2123e01\System.ServiceModel.ni.dll
MOD - [2013/07/24 09:17:01 | 001,076,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\54dc28b359a5912bd870de05402a4ab8\System.ServiceModel.Web.ni.dll
MOD - [2013/07/24 09:00:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/24 08:59:55 | 001,926,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\33bab1a4c3f9d76a8fc9df83aa3bb73f\System.Web.Services.ni.dll
MOD - [2013/07/24 08:59:30 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/24 08:59:28 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/24 08:59:26 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/24 08:59:24 | 002,646,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/24 08:58:06 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/24 08:52:52 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/24 08:52:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/24 08:52:07 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/24 08:51:53 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/24 08:51:50 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/24 08:51:45 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/24 08:51:40 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/24 08:51:24 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2009/01/29 14:25:55 | 000,086,016 | ---- | M] () -- C:\Program Files\AutoSizer\AutoSizer.dll
MOD - [2008/04/13 20:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 17:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2004/11/05 22:24:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll
MOD - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
MOD - [2000/06/24 15:29:40 | 000,151,552 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ssleay32.dll
MOD - [2000/06/24 15:29:00 | 000,655,360 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\libeay32.dll
MOD - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE
MOD - [1999/05/07 14:20:06 | 000,029,184 | ---- | M] () -- C:\Program Files\shortkey\SHTK95HK.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/08/01 09:07:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/28 09:48:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/04 14:09:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C279CF8-2C88-4B1C-B8B4-E3642F042011}\MpKsl4f7befb4.sys -- (MpKsl4f7befb4)
DRV - [2011/08/04 09:28:13 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:28:13 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/01 12:56:02 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter)
DRV - [2010/11/11 21:36:32 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/11 21:36:17 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/11/11 21:36:15 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/11 21:36:06 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/30 14:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/01/04 02:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/27 14:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 18:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B8BD43E5D-6169-4FBD-8560-41FF981862DB%7D:1.5
FF - prefs.js..extensions.enabledAddons: lesstabs%40lesstabs.com:1.7.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/20 10:14:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/05/13 15:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013/07/28 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/28 09:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/28 09:47:59 | 000,000,000 | ---D | M]

[2010/11/05 09:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Extensions
[2013/08/04 14:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions
[2013/03/24 15:27:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/06/21 11:25:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/02 09:03:00 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
[2012/02/06 10:56:59 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2011/12/21 19:57:23 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/28 09:47:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/28 09:47:54 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:48:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/07 09:34:46 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23813525021731361&ctid=CT3289847&UM=2&sspv=TB_CH2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN23813525021731361&sspv=TB_CH2&UM=2
CHR - Extension: LessTabs = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.2.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\

O1 HOSTS File: ([2013/08/03 10:14:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoSizer] C:\Program Files\AutoSizer\AutoSizer.exe (South Bay Software)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Startup\WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe (Silent O Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.33/uploader2.cab (UploadListView Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671 (WUWebControl Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE5BE75-EE9F-41A8-8D52-5FF920C654AA}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 21:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/04 17:24:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/04 17:20:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/03 08:00:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/01 22:05:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/01 22:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/29 10:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Desktop\New Folder
[2013/07/28 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/26 11:15:22 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/26 11:15:22 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/25 19:21:57 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/24 08:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/07/24 08:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Application Data\Yahoo!

========== Files - Modified Within 30 Days ==========

[2013/08/04 17:24:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/04 17:24:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/04 17:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/04 17:23:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
[2013/08/04 17:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/04 16:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/04 14:35:19 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2013/08/04 14:09:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/04 14:08:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/04 14:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/04 14:08:40 | 3210,698,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/04 13:51:31 | 000,802,940 | ---- | M] () -- C:\Everything.db
[2013/08/04 13:49:04 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/04 13:23:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
[2013/08/04 12:43:08 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/04 11:24:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/04 01:01:02 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\shutdown.job
[2013/08/03 23:57:40 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\My Backup(5) xml.job
[2013/08/03 10:14:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/01 22:05:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/01 09:07:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/01 09:07:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/28 20:33:24 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/27 07:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/25 19:21:35 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/25 19:21:31 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/25 19:21:31 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/25 19:21:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/07/25 19:21:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/24 10:38:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/24 10:04:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/07/24 08:49:49 | 000,525,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/24 08:49:49 | 000,097,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/24 08:45:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/24 00:49:36 | 000,103,861 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:34 | 000,367,448 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 15:09:53 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Google.url
[2013/07/08 11:36:28 | 000,126,026 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf
[2013/07/05 23:05:55 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\spider.sav
[2013/07/05 22:10:33 | 000,095,299 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\New Yorker Humor.jpg

========== Files Created - No Company Name ==========

[2013/08/04 13:51:30 | 000,802,940 | ---- | C] () -- C:\Everything.db
[2013/08/04 12:43:08 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/01 22:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/01 22:05:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/28 20:33:24 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/26 16:37:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/07/26 11:15:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/24 00:49:36 | 000,103,861 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:32 | 000,367,448 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 11:36:27 | 000,126,026 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf
[2013/07/05 22:10:33 | 000,095,299 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\New Yorker Humor.jpg
[2013/06/17 16:37:11 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\WBPU-TTL.DAT
[2013/06/14 16:37:40 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/06/07 16:38:29 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/07 16:38:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/07 16:38:16 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/07 16:38:11 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/06/07 16:37:56 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/06/07 16:37:55 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/06/07 16:37:55 | 000,001,796 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/04/20 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/04/18 17:31:30 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2012/10/14 09:29:51 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/13 20:32:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/10/13 20:32:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/10/13 20:31:58 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/05 01:01:39 | 000,525,259 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-454583010-175260030-2287809055-1005-0.dat
[2012/10/04 18:28:17 | 000,276,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 08:39:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/23 19:00:21 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\.recently-used.xbel
[2010/08/20 20:48:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\fusioncache.dat
[2008/11/16 11:20:42 | 000,039,739 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft Excel.ADR
[2008/10/30 10:58:35 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Comma Separated Values (Windows).ADR
[2008/10/20 22:11:35 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/06 21:52:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 8/4/2013 5:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 72.00% Memory free
4.83 Gb Paging File | 4.06 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 69.02 Gb Free Space | 49.03% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2265.23 Gb Free Space | 81.06% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe:*:Enabled:ChoiceMail WebMail Server - using IzyMail technology -- (IzySoft)
"C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe:*:Enabled:ChoiceMail -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mshta.exe" = C:\WINDOWS\system32\mshta.exe:*:Enabled-Link Setup Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe" = C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe:*:Enabled:Epson Connect Printer Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F56519-91DF-4D42-A36D-3D4BCA0B8329}" = DAK Wave MP3 Editor PRO v6.1b
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB912177-24CC-4AEE-8329-97D7ACD125D4}" = Macrium Reflect - Free Edition
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F87607CB-BCC7-4263-8F05-F901097BF956}" = Holy Grail Song Splitter PRO
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-9-5 (All Users)
"Any Password_is1" = Any Password 1.44
"AutoSizer" = AutoSizer
"Belarc Advisor" = Belarc Advisor 7.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ChoiceMail One Retail 1.600" = ChoiceMail One Retail 1.600
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"CSCLIB" = Canon Camera Support Core Library
"DAKDePopper3" = DAK DePopper 3.x
"DAKEqualizer2" = DAK Equalizer 2.x
"DC-Bass Source" = DC-Bass Source 1.3.0
"DivX Setup" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Remote Print" = EPSON Remote Print Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"Everything" = Everything 1.2.1.371
"Fences Pro" = Fences Pro
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LessTabs" = LessTabs
"LTCM Client" = LTCM Client
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NexGen Media Player" = NexGen Media Player - a modern video player
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoFiltre" = PhotoFiltre
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"PublicWare File Renamer" = PublicWare File Renamer
"QCDrivers" = QuickCam Drivers
"Quick Search Box" = Google Quick Search Box
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Silent Package Run-Time Sample" = EPSON Perf 4490P Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vsfilter_is1" = DirectVobSub 2.40.4209
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2013 9:28:54 AM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket -1443339710.

Error - 8/4/2013 9:29:04 AM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application dive.tmp, version 2.6.1.8, faulting module dive.tmp,
version 2.6.1.8, fault address 0x0005724a.

Error - 8/4/2013 9:29:09 AM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/4/2013 9:30:13 AM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 8/4/2013 11:27:29 AM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 4.3.215.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/4/2013 12:49:14 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/4/2013 2:37:26 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2013 2:37:32 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket -637767468.

Error - 8/4/2013 2:38:25 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2013 2:38:28 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket -637767468.

[ System Events ]
Error - 8/3/2013 7:52:40 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/3/2013 7:52:53 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/3/2013 9:57:23 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/3/2013 10:11:32 AM | Computer Name = SBGTOSHIBA | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_LAVASOFT_KERNEXPLORER\0000 disappeared from
the system without first being prepared for removal.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
[2013/07/02 09:03:00 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23813525021731361&ctid=CT3289847&UM=2&sspv=TB_CH2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN23813525021731361&sspv=TB_CH2&UM=2
```

Then click the *Run Fix* button at the top
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## iagoman (Nov 5, 2003)

I hate to say it but... I can't copy/paste that box you sent...
Steve


----------



## Cookiegal (Aug 27, 2003)

I keep forgetting because I've never had anyone with that problem before. I'm sorry you ran into problems when trying to donate to ComboFix. Unfortunately, there are plenty of scams out there trying to cash in on other people's names. 

But first, let's run AdwCleaner again as it will likely get them anyway.

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## iagoman (Nov 5, 2003)

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 20:47:26
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve Galkin - SBGTOSHIBA
# Boot Mode : Normal
# Running from : C:\BIN\AdwCleaner cookie Gal July 2013\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.25] : keyword = "search.conduit.com",
Found [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23813525021731361&ctid=CT3289847&UM=2&sspv=TB_CH2",
Found [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN23813525021731361&sspv=TB_CH2&UM=2"

*************************

AdwCleaner[R3].txt - [7409 octets] - [31/07/2013 18:08:34]
AdwCleaner[R4].txt - [1356 octets] - [04/08/2013 20:47:26]
AdwCleaner[S7].txt - [7670 octets] - [31/07/2013 20:35:25]

########## EOF - C:\AdwCleaner[R4].txt - [1476 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run it again and select the "delete" option and post the resulting log.


----------



## iagoman (Nov 5, 2003)

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 09:42:44
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve Galkin - SBGTOSHIBA
# Boot Mode : Normal
# Running from : C:\BIN\AdwCleaner cookie Gal July 2013\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [7409 octets] - [31/07/2013 18:08:34]
AdwCleaner[R4].txt - [1545 octets] - [04/08/2013 20:47:26]
AdwCleaner[R5].txt - [1269 octets] - [05/08/2013 09:42:16]
AdwCleaner[S7].txt - [7670 octets] - [31/07/2013 20:35:25]
AdwCleaner[S8].txt - [1538 octets] - [05/08/2013 09:37:06]
AdwCleaner[S9].txt - [1200 octets] - [05/08/2013 09:42:44]

########## EOF - C:\AdwCleaner[S9].txt - [1260 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

I'm curious about the code boxes. If you left-click and hold the left button down on the scroll bar at the bottom, are you able to make it move from side to side?

I'm attaching a file called "OTLfix.txt". Please save it to your desktop. Then run OTL again and copy and paste the contents of the OTLfix.txt file under the *Custom Scans/Fixes* box at the bottom and then click on the "Run Fix" button at the top. Please post the log it produces.


----------



## iagoman (Nov 5, 2003)

You wrote: "I'm curious about the code boxes. If you left-click and hold the left button down on the scroll bar at the bottom, are you able to make it move from side to side?"
It doesn't work, at least on this laptop. Do you have the program that allows you to access my computer?
I would let you try it. I'm pretty familiar with computers (except in this problem) and I know how to copy data. For some reason your suggestion doesn't work. I may try it on my wife's laptop (running Win/7) and see if it works there.


----------



## iagoman (Nov 5, 2003)

========== OTL ==========
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\skin folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\locale\en-US folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\locale folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\defaults folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB}\content folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{8BD43E5D-6169-4FBD-8560-41FF981862DB} folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 08052013_110732


----------



## Cookiegal (Aug 27, 2003)

iagoman said:


> You wrote: "I'm curious about the code boxes. If you left-click and hold the left button down on the scroll bar at the bottom, are you able to make it move from side to side?"
> It doesn't work, at least on this laptop. Do you have the program that allows you to access my computer?
> I would let you try it. I'm pretty familiar with computers (except in this problem) and I know how to copy data. For some reason your suggestion doesn't work. I may try it on my wife's laptop (running Win/7) and see if it works there.


Sorry but we don't allow remote assistance here. But I'm just trying to troubleshoot why it doesn't work. You have no trouble copying and pasting the text in Notepad reports so it's only when it's contained in a code box? Please do try with another laptop if you get the chance just to see if it's specific to this one.


----------



## Cookiegal (Aug 27, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## iagoman (Nov 5, 2003)

I can't get the JRT download to get the correct file. I get sent to a different site.
I tried a few times. I turned MSE back on till I hear from you.


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## iagoman (Nov 5, 2003)

I hope this is correct.

12:30:13.0703 4992 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:30:14.0062 4992 ============================================================
12:30:14.0062 4992 Current date / time: 2013/08/05 12:30:14.0062
12:30:14.0062 4992 SystemInfo:
12:30:14.0062 4992 
12:30:14.0062 4992 OS Version: 5.1.2600 ServicePack: 3.0
12:30:14.0062 4992 Product type: Workstation
12:30:14.0062 4992 ComputerName: SBGTOSHIBA
12:30:14.0062 4992 UserName: Steve Galkin
12:30:14.0062 4992 Windows directory: C:\WINDOWS
12:30:14.0062 4992 System windows directory: C:\WINDOWS
12:30:14.0062 4992 Processor architecture: Intel x86
12:30:14.0062 4992 Number of processors: 2
12:30:14.0062 4992 Page size: 0x1000
12:30:14.0062 4992 Boot type: Normal boot
12:30:14.0062 4992 ============================================================
12:30:14.0718 4992 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:30:14.0718 4992 Drive \Device\Harddisk1\DR3 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:30:14.0718 4992 ============================================================
12:30:14.0718 4992 \Device\Harddisk0\DR0:
12:30:14.0718 4992 MBR partitions:
12:30:14.0718 4992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11988D89
12:30:14.0718 4992 \Device\Harddisk1\DR3:
12:30:14.0937 4992 MBR partitions:
12:30:14.0937 4992 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
12:30:14.0937 4992 ============================================================
12:30:15.0000 4992 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:15.0015 4992 E: <-> \Device\Harddisk1\DR3\Partition1
12:30:15.0015 4992 ============================================================
12:30:15.0015 4992 Initialize success
12:30:15.0015 4992 ============================================================
12:30:19.0546 5612 ============================================================
12:30:19.0546 5612 Scan started
12:30:19.0546 5612 Mode: Manual; 
12:30:19.0546 5612 ============================================================
12:30:19.0734 5612 ================ Scan system memory ========================
12:30:19.0734 5612 System memory - ok
12:30:19.0734 5612 ================ Scan services =============================
12:30:24.0296 5612 GoogleDesktopManager-051210-111108 - ok
12:30:24.0328 5612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:30:24.0328 5612 Gpc - ok
12:30:24.0406 5612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:30:24.0406 5612 gupdate - ok
12:30:24.0406 5612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:30:24.0406 5612 gupdatem - ok
12:30:24.0484 5612 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:30:24.0484 5612 gusvc - ok
12:30:24.0500 5612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:30:24.0500 5612 HDAudBus - ok
12:30:24.0593 5612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:30:24.0593 5612 helpsvc - ok
12:30:24.0609 5612 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:30:24.0609 5612 HidServ - ok
12:30:24.0625 5612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:30:24.0625 5612 HidUsb - ok
12:30:24.0656 5612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:30:24.0656 5612 hkmsvc - ok
12:30:24.0656 5612 hpn - ok
12:30:24.0734 5612 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:30:24.0734 5612 HPZid412 - ok
12:30:24.0750 5612 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:30:24.0750 5612 HPZipr12 - ok
12:30:24.0796 5612 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:30:24.0796 5612 HPZius12 - ok
12:30:24.0828 5612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:30:24.0828 5612 HTTP - ok
12:30:24.0875 5612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:30:24.0875 5612 HTTPFilter - ok
12:30:24.0890 5612 i2omgmt - ok
12:30:24.0890 5612 i2omp - ok
12:30:24.0906 5612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:30:24.0906 5612 i8042prt - ok
12:30:25.0015 5612 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
12:30:25.0015 5612 IAANTMON - ok
12:30:25.0296 5612 [ 612194ABC69A6DB0E2C49E1544CA93A0 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:30:25.0343 5612 ialm - ok
12:30:25.0390 5612 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
12:30:25.0390 5612 iaStor - ok
12:30:25.0484 5612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:30:25.0484 5612 idsvc - ok
12:30:25.0546 5612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:30:25.0546 5612 Imapi - ok
12:30:25.0578 5612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:30:25.0578 5612 ImapiService - ok
12:30:25.0578 5612 ini910u - ok
12:30:25.0875 5612 [ F7F3328544E1AC2E97CAEA9B39D9B9DE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:30:25.0890 5612 IntcAzAudAddService - ok
12:30:25.0906 5612 IntelIde - ok
12:30:25.0968 5612 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:30:25.0968 5612 intelppm - ok
12:30:26.0000 5612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:30:26.0000 5612 Ip6Fw - ok
12:30:26.0031 5612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:30:26.0031 5612 IpFilterDriver - ok
12:30:26.0046 5612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:30:26.0046 5612 IpInIp - ok
12:30:26.0078 5612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:30:26.0078 5612 IpNat - ok
12:30:26.0171 5612 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:30:26.0171 5612 iPod Service - ok
12:30:26.0187 5612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:30:26.0187 5612 IPSec - ok
12:30:26.0234 5612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:30:26.0234 5612 IRENUM - ok
12:30:26.0281 5612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:30:26.0281 5612 isapnp - ok
12:30:26.0468 5612 [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:30:26.0468 5612 JavaQuickStarterService - ok
12:30:26.0515 5612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:30:26.0515 5612 Kbdclass - ok
12:30:26.0531 5612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:30:26.0531 5612 kmixer - ok
12:30:26.0562 5612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:30:26.0562 5612 KSecDD - ok
12:30:26.0640 5612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:30:26.0656 5612 lanmanserver - ok
12:30:26.0718 5612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:30:26.0718 5612 lanmanworkstation - ok
12:30:26.0734 5612 lbrtfdc - ok
12:30:26.0796 5612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:30:26.0796 5612 LmHosts - ok
12:30:26.0843 5612 [ 7029AFD96C4A0C9BE264BCB51F03EAB7 ] lusbaudio C:\WINDOWS\system32\drivers\lvsound2.sys
12:30:26.0843 5612 lusbaudio - ok
12:30:26.0875 5612 [ 085A2EEACB0DACB77B9B1ED65A4AB910 ] LVBulk C:\WINDOWS\system32\DRIVERS\LVBulk.sys
12:30:26.0875 5612 LVBulk - ok
12:30:26.0906 5612 [ 6ABBA82AC2D32CD793E78406B5BA239E ] LVVI500A C:\WINDOWS\system32\DRIVERS\lvvi500a.sys
12:30:26.0906 5612 LVVI500A - ok
12:30:27.0031 5612 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:30:27.0031 5612 MDM - ok
12:30:27.0046 5612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:30:27.0062 5612 Messenger - ok
12:30:27.0093 5612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:30:27.0093 5612 mnmdd - ok
12:30:27.0140 5612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:30:27.0140 5612 mnmsrvc - ok
12:30:27.0187 5612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:30:27.0187 5612 Modem - ok
12:30:27.0203 5612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:30:27.0203 5612 Mouclass - ok
12:30:27.0265 5612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:30:27.0265 5612 MountMgr - ok
12:30:27.0328 5612 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:30:27.0328 5612 MozillaMaintenance - ok
12:30:27.0375 5612 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:30:27.0375 5612 MpFilter - ok
12:30:27.0515 5612 [ A69630D039C38018689190234F866D77 ] MpKsl3b1a9202 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8EC0A83-B00C-42ED-9971-E5AD60BE3889}\MpKsl3b1a9202.sys
12:30:27.0515 5612 MpKsl3b1a9202 - ok
12:30:27.0515 5612 mraid35x - ok
12:30:27.0515 5612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:30:27.0515 5612 MRxDAV - ok
12:30:27.0578 5612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:30:27.0578 5612 MRxSmb - ok
12:30:27.0656 5612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:30:27.0656 5612 MSDTC - ok
12:30:27.0687 5612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:30:27.0687 5612 Msfs - ok
12:30:27.0687 5612 MSIServer - ok
12:30:27.0718 5612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:30:27.0718 5612 MSKSSRV - ok
12:30:27.0812 5612 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:30:27.0812 5612 MsMpSvc - ok
12:30:27.0812 5612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:30:27.0812 5612 MSPCLOCK - ok
12:30:27.0843 5612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:30:27.0843 5612 MSPQM - ok
12:30:27.0875 5612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:30:27.0875 5612 mssmbios - ok
12:30:27.0906 5612 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:30:27.0906 5612 MSTEE - ok
12:30:27.0921 5612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:30:27.0921 5612 Mup - ok
12:30:27.0937 5612 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:30:27.0937 5612 NABTSFEC - ok
12:30:27.0984 5612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:30:27.0984 5612 napagent - ok
12:30:28.0015 5612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:30:28.0015 5612 NDIS - ok
12:30:28.0046 5612 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:30:28.0046 5612 NdisIP - ok
12:30:28.0093 5612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:30:28.0093 5612 NdisTapi - ok
12:30:28.0109 5612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:30:28.0109 5612 Ndisuio - ok
12:30:28.0140 5612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:30:28.0156 5612 NdisWan - ok
12:30:28.0203 5612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:30:28.0203 5612 NDProxy - ok
12:30:28.0218 5612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:30:28.0218 5612 NetBIOS - ok
12:30:28.0250 5612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:30:28.0250 5612 NetBT - ok
12:30:28.0281 5612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:30:28.0281 5612 NetDDE - ok
12:30:28.0281 5612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:30:28.0281 5612 NetDDEdsdm - ok
12:30:28.0312 5612 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
12:30:28.0312 5612 Netdevio - ok
12:30:28.0359 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:30:28.0359 5612 Netlogon - ok
12:30:28.0375 5612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:30:28.0375 5612 Netman - ok
12:30:28.0421 5612 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:30:28.0421 5612 NetTcpPortSharing - ok
12:30:28.0562 5612 [ 88100EBDD10309FBD445EF8E42452EAE ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
12:30:28.0578 5612 NETw4x32 - ok
12:30:28.0625 5612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:30:28.0625 5612 Nla - ok
12:30:28.0687 5612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:30:28.0687 5612 Npfs - ok
12:30:28.0718 5612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:30:28.0718 5612 Ntfs - ok
12:30:28.0718 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:30:28.0718 5612 NtLmSsp - ok
12:30:28.0765 5612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:30:28.0765 5612 NtmsSvc - ok
12:30:28.0828 5612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:30:28.0828 5612 Null - ok
12:30:28.0859 5612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:30:28.0859 5612 NwlnkFlt - ok
12:30:28.0875 5612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:30:28.0875 5612 NwlnkFwd - ok
12:30:28.0906 5612 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:30:28.0906 5612 ose - ok
12:30:28.0953 5612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:30:28.0953 5612 Parport - ok
12:30:28.0968 5612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:30:28.0984 5612 PartMgr - ok
12:30:29.0000 5612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:30:29.0000 5612 ParVdm - ok
12:30:29.0015 5612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:30:29.0015 5612 PCI - ok
12:30:29.0015 5612 PCIDump - ok
12:30:29.0015 5612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:30:29.0015 5612 PCIIde - ok
12:30:29.0031 5612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:30:29.0031 5612 Pcmcia - ok
12:30:29.0031 5612 PDCOMP - ok
12:30:29.0046 5612 PDFRAME - ok
12:30:29.0046 5612 PDRELI - ok
12:30:29.0046 5612 PDRFRAME - ok
12:30:29.0046 5612 perc2 - ok
12:30:29.0062 5612 perc2hib - ok
12:30:29.0109 5612 [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1 ] pinger C:\TOSHIBA\IVP\ISM\pinger.exe
12:30:29.0125 5612 pinger - ok
12:30:29.0140 5612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:30:29.0140 5612 PlugPlay - ok
12:30:29.0187 5612 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
12:30:29.0187 5612 Pml Driver HPZ12 - ok
12:30:29.0187 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:30:29.0187 5612 PolicyAgent - ok
12:30:29.0234 5612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:30:29.0234 5612 PptpMiniport - ok
12:30:29.0250 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:30:29.0250 5612 ProtectedStorage - ok
12:30:29.0250 5612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:30:29.0250 5612 PSched - ok
12:30:29.0296 5612 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
12:30:29.0296 5612 PSI - ok
12:30:29.0343 5612 [ E69FED2E51D196A4A5665B9230DE7C45 ] PSMounter C:\WINDOWS\system32\drivers\psmounter.sys
12:30:29.0359 5612 PSMounter - ok
12:30:29.0359 5612 [ AC7BD82678401A89CC80359806C80364 ] pssnap C:\WINDOWS\system32\DRIVERS\pssnap.sys
12:30:29.0359 5612 pssnap - ok
12:30:29.0375 5612 [ EE4CECB64A1A26F2D91B0AA99668D131 ] PSVolAcc C:\WINDOWS\system32\drivers\PSVolAcc.sys
12:30:29.0375 5612 PSVolAcc - ok
12:30:29.0390 5612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:30:29.0390 5612 Ptilink - ok
12:30:29.0406 5612 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:30:29.0406 5612 PxHelp20 - ok
12:30:29.0406 5612 ql1080 - ok
12:30:29.0406 5612 Ql10wnt - ok
12:30:29.0421 5612 ql12160 - ok
12:30:29.0421 5612 ql1240 - ok
12:30:29.0421 5612 ql1280 - ok
12:30:29.0453 5612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:30:29.0453 5612 RasAcd - ok
12:30:29.0484 5612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:30:29.0484 5612 RasAuto - ok
12:30:29.0515 5612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:30:29.0515 5612 Rasl2tp - ok
12:30:29.0593 5612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:30:29.0593 5612 RasMan - ok
12:30:29.0593 5612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:30:29.0593 5612 RasPppoe - ok
12:30:29.0640 5612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:30:29.0640 5612 Raspti - ok
12:30:29.0656 5612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:30:29.0656 5612 Rdbss - ok
12:30:29.0671 5612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:30:29.0671 5612 RDPCDD - ok
12:30:29.0687 5612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:30:29.0687 5612 rdpdr - ok
12:30:29.0734 5612 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:30:29.0734 5612 RDPWD - ok
12:30:29.0765 5612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:30:29.0765 5612 RDSessMgr - ok
12:30:29.0796 5612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:30:29.0796 5612 redbook - ok
12:30:29.0921 5612 [ 7A8FD91FD806B1EB1743898DF4C6477A ] ReflectService C:\Program Files\Macrium\Reflect\ReflectService.exe
12:30:29.0921 5612 ReflectService - ok
12:30:30.0000 5612 [ 7274BD434B6165BAA382BDD87F6CA4CE ] RegSrvc  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
12:30:30.0000 5612 RegSrvc - ok
12:30:30.0031 5612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:30:30.0031 5612 RemoteAccess - ok
12:30:30.0062 5612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:30:30.0062 5612 RemoteRegistry - ok
12:30:30.0078 5612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:30:30.0078 5612 RpcLocator - ok
12:30:30.0125 5612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:30:30.0125 5612 RpcSs - ok
12:30:30.0156 5612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:30:30.0171 5612 RSVP - ok
12:30:30.0218 5612 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:30:30.0218 5612 RTLE8023xp - ok
12:30:30.0265 5612 [ B1C9626C5089A85DE411C1BEDBC5620E ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
12:30:30.0265 5612 RTSTOR - ok
12:30:30.0375 5612 [ 20F261E78CCF0EA36D4FE2C363A2EF8A ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:30:30.0375 5612 S24EventMonitor - ok
12:30:30.0375 5612 [ C26A053E4DB47F6CDD8653C83AAF22EE ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:30:30.0375 5612 s24trans - ok
12:30:30.0421 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:30:30.0421 5612 SamSs - ok
12:30:30.0531 5612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:30:30.0531 5612 SASDIFSV - ok
12:30:30.0546 5612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:30:30.0546 5612 SASKUTIL - ok
12:30:30.0578 5612 [ 729248B54AFF21E740054ACEBFDBCB1C ] SBKUPNT C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
12:30:30.0578 5612 SBKUPNT - ok
12:30:30.0640 5612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:30:30.0640 5612 SCardSvr - ok
12:30:30.0687 5612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:30:30.0687 5612 Schedule - ok
12:30:30.0765 5612 [ D193CC0B87D550ACBA3E17FFEC8D2D29 ] Seagate Dashboard Services C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
12:30:30.0765 5612 Seagate Dashboard Services - ok
12:30:30.0781 5612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:30:30.0781 5612 Secdrv - ok
12:30:30.0812 5612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:30:30.0812 5612 seclogon - ok
12:30:30.0937 5612 [ 7198BBFBE46C0070257278C536386687 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:30:30.0937 5612 Secunia PSI Agent - ok
12:30:30.0968 5612 [ D2FCA567F9BE87E29B9A9FA32FFE79CA ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:30:30.0968 5612 Secunia Update Agent - ok
12:30:31.0031 5612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:30:31.0031 5612 SENS - ok
12:30:31.0078 5612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:30:31.0078 5612 Serial - ok
12:30:31.0125 5612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:30:31.0125 5612 Sfloppy - ok
12:30:31.0187 5612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:30:31.0187 5612 SharedAccess - ok
12:30:31.0234 5612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:30:31.0250 5612 ShellHWDetection - ok
12:30:31.0250 5612 Simbad - ok
12:30:31.0500 5612 [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:30:31.0515 5612 Skype C2C Service - ok
12:30:31.0640 5612 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:30:31.0640 5612 SkypeUpdate - ok
12:30:31.0687 5612 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:30:31.0687 5612 SLIP - ok
12:30:31.0765 5612 [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
12:30:31.0765 5612 snapman - ok
12:30:31.0765 5612 Sparrow - ok
12:30:31.0781 5612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:30:31.0781 5612 splitter - ok
12:30:31.0843 5612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:30:31.0843 5612 Spooler - ok
12:30:31.0843 5612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:31.0859 5612 sr - ok
12:30:31.0875 5612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:30:31.0875 5612 srservice - ok
12:30:31.0937 5612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:31.0937 5612 Srv - ok
12:30:31.0968 5612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:30:31.0968 5612 SSDPSRV - ok
12:30:32.0031 5612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:30:32.0046 5612 stisvc - ok
12:30:32.0078 5612 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:32.0078 5612 streamip - ok
12:30:32.0109 5612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:32.0109 5612 swenum - ok
12:30:32.0125 5612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:30:32.0125 5612 swmidi - ok
12:30:32.0125 5612 SwPrv - ok
12:30:32.0203 5612 [ E1292C1ED4DEB17B8A9B586D22CB2061 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
12:30:32.0203 5612 Swupdtmr - ok
12:30:32.0203 5612 symc810 - ok
12:30:32.0218 5612 symc8xx - ok
12:30:32.0218 5612 sym_hi - ok
12:30:32.0218 5612 sym_u3 - ok
12:30:32.0281 5612 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:30:32.0281 5612 SynTP - ok
12:30:32.0296 5612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:32.0296 5612 sysaudio - ok
12:30:32.0328 5612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:30:32.0328 5612 SysmonLog - ok
12:30:32.0375 5612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:30:32.0375 5612 TapiSrv - ok
12:30:32.0468 5612 [ 3F061F306EDFCFED162F820991D4CE87 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
12:30:32.0468 5612 TAPPSRV - ok
12:30:32.0546 5612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:32.0546 5612 Tcpip - ok
12:30:32.0578 5612 [ 2F8BFBDB5824C71F672779B4B8CF8B01 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
12:30:32.0578 5612 tdcmdpst - ok
12:30:32.0625 5612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:32.0625 5612 TDPIPE - ok
12:30:32.0703 5612 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
12:30:32.0718 5612 tdrpman273 - ok
12:30:32.0750 5612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:32.0750 5612 TDTCP - ok
12:30:32.0765 5612 [ F56A9327C58FF985616C5E197472932C ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
12:30:32.0765 5612 tdudf - ok
12:30:32.0796 5612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:32.0796 5612 TermDD - ok
12:30:32.0875 5612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:30:32.0875 5612 TermService - ok
12:30:32.0890 5612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:30:32.0890 5612 Themes - ok
12:30:32.0937 5612 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
12:30:32.0937 5612 timounter - ok
12:30:32.0984 5612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:30:32.0984 5612 TlntSvr - ok
12:30:33.0031 5612 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
12:30:33.0031 5612 TODDSrv - ok
12:30:33.0046 5612 TosIde - ok
12:30:33.0062 5612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:30:33.0062 5612 TrkWks - ok
12:30:33.0078 5612 [ 3F9BA8878AA26D0831116733F9BC53FF ] trudf C:\WINDOWS\system32\DRIVERS\trudf.sys
12:30:33.0093 5612 trudf - ok
12:30:33.0093 5612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:30:33.0093 5612 Udfs - ok
12:30:33.0093 5612 ultra - ok
12:30:33.0156 5612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:30:33.0156 5612 Update - ok
12:30:33.0187 5612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:30:33.0203 5612 upnphost - ok
12:30:33.0218 5612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:30:33.0218 5612 UPS - ok
12:30:33.0265 5612 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:30:33.0265 5612 USBAAPL - ok
12:30:33.0281 5612 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:30:33.0281 5612 usbaudio - ok
12:30:33.0328 5612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:33.0328 5612 usbccgp - ok
12:30:33.0390 5612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:33.0390 5612 usbehci - ok
12:30:33.0406 5612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:33.0406 5612 usbhub - ok
12:30:33.0406 5612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:33.0406 5612 usbprint - ok
12:30:33.0484 5612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:30:33.0484 5612 usbscan - ok
12:30:33.0484 5612 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:33.0484 5612 usbstor - ok
12:30:33.0484 5612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:30:33.0484 5612 usbuhci - ok
12:30:33.0500 5612 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:30:33.0500 5612 usbvideo - ok
12:30:33.0531 5612 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
12:30:33.0531 5612 UVCFTR - ok
12:30:33.0546 5612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:30:35.0187 5612 ============================================================
12:30:35.0187 5612 Scan finished
12:30:35.0187 5612 ============================================================
12:30:35.0187 5588 Detected object count: 0
12:30:35.0187 5588 Actual detected object count: 0


----------



## iagoman (Nov 5, 2003)

I think this is what you want.
Sorry for the error.

12:30:13.0703 4992 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:30:14.0062 4992 ============================================================
12:30:14.0062 4992 Current date / time: 2013/08/05 12:30:14.0062
12:30:14.0062 4992 SystemInfo:
12:30:14.0062 4992 
12:30:14.0062 4992 OS Version: 5.1.2600 ServicePack: 3.0
12:30:14.0062 4992 Product type: Workstation
12:30:14.0062 4992 ComputerName: SBGTOSHIBA
12:30:14.0062 4992 UserName: Steve Galkin
12:30:14.0062 4992 Windows directory: C:\WINDOWS
12:30:14.0062 4992 System windows directory: C:\WINDOWS
12:30:14.0062 4992 Processor architecture: Intel x86
12:30:14.0062 4992 Number of processors: 2
12:30:14.0062 4992 Page size: 0x1000
12:30:14.0062 4992 Boot type: Normal boot
12:30:14.0062 4992 ============================================================
12:30:14.0718 4992 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:30:14.0718 4992 Drive \Device\Harddisk1\DR3 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:30:14.0718 4992 ============================================================
12:30:14.0718 4992 \Device\Harddisk0\DR0:
12:30:14.0718 4992 MBR partitions:
12:30:14.0718 4992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11988D89
12:30:14.0718 4992 \Device\Harddisk1\DR3:
12:30:14.0937 4992 MBR partitions:
12:30:14.0937 4992 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
12:30:14.0937 4992 ============================================================
12:30:15.0000 4992 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:15.0015 4992 E: <-> \Device\Harddisk1\DR3\Partition1
12:30:15.0015 4992 ============================================================
12:30:15.0015 4992 Initialize success
12:30:15.0015 4992 ============================================================
12:30:19.0546 5612 ============================================================
12:30:19.0546 5612 Scan started
12:30:19.0546 5612 Mode: Manual; 
12:30:19.0546 5612 ============================================================
12:30:19.0734 5612 ================ Scan system memory ========================
12:30:19.0734 5612 System memory - ok
12:30:19.0734 5612 ================ Scan services =============================
12:30:30.0078 5612 RpcLocator - ok
12:30:30.0125 5612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:30:30.0125 5612 RpcSs - ok
12:30:30.0156 5612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:30:30.0171 5612 RSVP - ok
12:30:30.0218 5612 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:30:30.0218 5612 RTLE8023xp - ok
12:30:30.0265 5612 [ B1C9626C5089A85DE411C1BEDBC5620E ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
12:30:30.0265 5612 RTSTOR - ok
12:30:30.0375 5612 [ 20F261E78CCF0EA36D4FE2C363A2EF8A ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:30:30.0375 5612 S24EventMonitor - ok
12:30:30.0375 5612 [ C26A053E4DB47F6CDD8653C83AAF22EE ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:30:30.0375 5612 s24trans - ok
12:30:30.0421 5612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:30:30.0421 5612 SamSs - ok
12:30:30.0531 5612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:30:30.0531 5612 SASDIFSV - ok
12:30:30.0546 5612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:30:30.0546 5612 SASKUTIL - ok
12:30:30.0578 5612 [ 729248B54AFF21E740054ACEBFDBCB1C ] SBKUPNT C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
12:30:30.0578 5612 SBKUPNT - ok
12:30:30.0640 5612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:30:30.0640 5612 SCardSvr - ok
12:30:30.0687 5612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:30:30.0687 5612 Schedule - ok
12:30:30.0765 5612 [ D193CC0B87D550ACBA3E17FFEC8D2D29 ] Seagate Dashboard Services C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
12:30:30.0765 5612 Seagate Dashboard Services - ok
12:30:30.0781 5612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:30:30.0781 5612 Secdrv - ok
12:30:30.0812 5612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:30:30.0812 5612 seclogon - ok
12:30:30.0937 5612 [ 7198BBFBE46C0070257278C536386687 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:30:30.0937 5612 Secunia PSI Agent - ok
12:30:30.0968 5612 [ D2FCA567F9BE87E29B9A9FA32FFE79CA ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:30:30.0968 5612 Secunia Update Agent - ok
12:30:31.0031 5612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:30:31.0031 5612 SENS - ok
12:30:31.0078 5612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:30:31.0078 5612 Serial - ok
12:30:31.0125 5612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:30:31.0125 5612 Sfloppy - ok
12:30:31.0187 5612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:30:31.0187 5612 SharedAccess - ok
12:30:31.0234 5612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:30:31.0250 5612 ShellHWDetection - ok
12:30:31.0250 5612 Simbad - ok
12:30:31.0500 5612 [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:30:31.0515 5612 Skype C2C Service - ok
12:30:31.0640 5612 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:30:31.0640 5612 SkypeUpdate - ok
12:30:31.0687 5612 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:30:31.0687 5612 SLIP - ok
12:30:31.0765 5612 [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
12:30:31.0765 5612 snapman - ok
12:30:31.0765 5612 Sparrow - ok
12:30:31.0781 5612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:30:31.0781 5612 splitter - ok
12:30:31.0843 5612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:30:31.0843 5612 Spooler - ok
12:30:31.0843 5612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:31.0859 5612 sr - ok
12:30:31.0875 5612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:30:31.0875 5612 srservice - ok
12:30:31.0937 5612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:31.0937 5612 Srv - ok
12:30:31.0968 5612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:30:31.0968 5612 SSDPSRV - ok
12:30:32.0031 5612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:30:32.0046 5612 stisvc - ok
12:30:32.0078 5612 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:32.0078 5612 streamip - ok
12:30:32.0109 5612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:32.0109 5612 swenum - ok
12:30:32.0125 5612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:30:32.0125 5612 swmidi - ok
12:30:32.0125 5612 SwPrv - ok
12:30:32.0203 5612 [ E1292C1ED4DEB17B8A9B586D22CB2061 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
12:30:32.0203 5612 Swupdtmr - ok
12:30:32.0203 5612 symc810 - ok
12:30:32.0218 5612 symc8xx - ok
12:30:32.0218 5612 sym_hi - ok
12:30:32.0218 5612 sym_u3 - ok
12:30:32.0281 5612 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:30:32.0281 5612 SynTP - ok
12:30:32.0296 5612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:32.0296 5612 sysaudio - ok
12:30:32.0328 5612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:30:32.0328 5612 SysmonLog - ok
12:30:32.0375 5612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:30:32.0375 5612 TapiSrv - ok
12:30:32.0468 5612 [ 3F061F306EDFCFED162F820991D4CE87 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
12:30:32.0468 5612 TAPPSRV - ok
12:30:32.0546 5612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:32.0546 5612 Tcpip - ok
12:30:32.0578 5612 [ 2F8BFBDB5824C71F672779B4B8CF8B01 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
12:30:32.0578 5612 tdcmdpst - ok
12:30:32.0625 5612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:32.0625 5612 TDPIPE - ok
12:30:32.0703 5612 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
12:30:32.0718 5612 tdrpman273 - ok
12:30:32.0750 5612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:32.0750 5612 TDTCP - ok
12:30:32.0765 5612 [ F56A9327C58FF985616C5E197472932C ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
12:30:32.0765 5612 tdudf - ok
12:30:32.0796 5612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:32.0796 5612 TermDD - ok
12:30:32.0875 5612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:30:32.0875 5612 TermService - ok
12:30:32.0890 5612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:30:32.0890 5612 Themes - ok
12:30:32.0937 5612 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
12:30:32.0937 5612 timounter - ok
12:30:32.0984 5612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:30:32.0984 5612 TlntSvr - ok
12:30:33.0031 5612 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
12:30:33.0031 5612 TODDSrv - ok
12:30:33.0046 5612 TosIde - ok
12:30:33.0062 5612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:30:33.0062 5612 TrkWks - ok
12:30:33.0078 5612 [ 3F9BA8878AA26D0831116733F9BC53FF ] trudf C:\WINDOWS\system32\DRIVERS\trudf.sys
12:30:33.0093 5612 trudf - ok
12:30:33.0093 5612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:30:33.0093 5612 Udfs - ok
12:30:33.0093 5612 ultra - ok
12:30:33.0156 5612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:30:33.0156 5612 Update - ok
12:30:33.0187 5612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:30:33.0203 5612 upnphost - ok
12:30:33.0218 5612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:30:33.0218 5612 UPS - ok
12:30:33.0265 5612 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:30:33.0265 5612 USBAAPL - ok
12:30:33.0281 5612 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:30:33.0281 5612 usbaudio - ok
12:30:33.0328 5612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:33.0328 5612 usbccgp - ok
12:30:33.0390 5612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:33.0390 5612 usbehci - ok
12:30:33.0406 5612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:33.0406 5612 usbhub - ok
12:30:33.0406 5612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:33.0406 5612 usbprint - ok
12:30:33.0484 5612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:30:33.0484 5612 usbscan - ok
12:30:33.0484 5612 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:33.0484 5612 usbstor - ok
12:30:33.0484 5612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:30:33.0484 5612 usbuhci - ok
12:30:33.0500 5612 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:30:33.0500 5612 usbvideo - ok
12:30:33.0531 5612 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
12:30:33.0531 5612 UVCFTR - ok
12:30:33.0546 5612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:30:33.0546 5612 VgaSave - ok
12:30:33.0562 5612 ViaIde - ok
12:30:33.0578 5612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:30:33.0578 5612 VolSnap - ok
12:30:33.0625 5612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:30:33.0625 5612 VSS - ok
12:30:33.0656 5612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:30:33.0656 5612 W32Time - ok
12:30:33.0718 5612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:33.0718 5612 Wanarp - ok
12:30:33.0765 5612 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
12:30:33.0765 5612 WDC_SAM - ok
12:30:33.0765 5612 WDICA - ok
12:30:33.0781 5612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:33.0781 5612 wdmaud - ok
12:30:33.0828 5612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:30:33.0828 5612 WebClient - ok
12:30:33.0953 5612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:30:33.0953 5612 winmgmt - ok
12:30:34.0078 5612 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:30:34.0093 5612 wlidsvc - ok
12:30:34.0125 5612 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:30:34.0125 5612 WmdmPmSN - ok
12:30:34.0187 5612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:30:34.0203 5612 Wmi - ok
12:30:34.0265 5612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:30:34.0265 5612 WmiApSrv - ok
12:30:34.0328 5612 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:30:34.0343 5612 WMPNetworkSvc - ok
12:30:34.0484 5612 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:30:34.0484 5612 WPFFontCache_v0400 - ok
12:30:34.0531 5612 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:30:34.0531 5612 WS2IFSL - ok
12:30:34.0593 5612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:30:34.0593 5612 wscsvc - ok
12:30:34.0656 5612 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:30:34.0656 5612 WSTCODEC - ok
12:30:34.0656 5612 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:30:34.0656 5612 wuauserv - ok
12:30:34.0687 5612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:30:34.0687 5612 WudfPf - ok
12:30:34.0703 5612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:30:34.0703 5612 WudfRd - ok
12:30:34.0718 5612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:30:34.0718 5612 WudfSvc - ok
12:30:34.0781 5612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:30:34.0781 5612 WZCSVC - ok
12:30:34.0812 5612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:30:34.0828 5612 xmlprov - ok
12:30:34.0828 5612 ================ Scan global ===============================
12:30:34.0875 5612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:30:34.0906 5612 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:30:34.0921 5612 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:30:34.0937 5612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:30:34.0937 5612 [Global] - ok
12:30:34.0937 5612 ================ Scan MBR ==================================
12:30:34.0953 5612 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
12:30:35.0125 5612 \Device\Harddisk0\DR0 - ok
12:30:35.0156 5612 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3
12:30:35.0171 5612 \Device\Harddisk1\DR3 - ok
12:30:35.0171 5612 ================ Scan VBR ==================================
12:30:35.0187 5612 [ 1CFEF13155FBA351737B7C92FFE77CBB ] \Device\Harddisk0\DR0\Partition1
12:30:35.0187 5612 \Device\Harddisk0\DR0\Partition1 - ok
12:30:35.0187 5612 [ E22BB993620F4D08A41009604C26BC7E ] \Device\Harddisk1\DR3\Partition1
12:30:35.0187 5612 \Device\Harddisk1\DR3\Partition1 - ok
12:30:35.0187 5612 ============================================================
12:30:35.0187 5612 Scan finished
12:30:35.0187 5612 ============================================================
12:30:35.0187 5588 Detected object count: 0
12:30:35.0187 5588 Actual detected object count: 0
12:30:56.0781 4196 Deinitialize success


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## iagoman (Nov 5, 2003)

Something is really wrong...I can't get to the COMBOFIX.exe download.
Too bad I already deleted the file and cleaned out my trash.


----------



## iagoman (Nov 5, 2003)

I went to my backup file from 2 days ago and copied the COMBOFIX.exe file to my current desktop and ran it.

ComboFix 13-08-01.01 - Steve Galkin 08/05/2013 14:20:28.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2091 [GMT -4:00]
Running from: c:\documents and settings\Steve Galkin\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 18:10 . 2013-08-05 18:10	29904	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3B710BA-49F2-4DA8-9B82-030F0F643BCE}\MpKsl8e305be3.sys
2013-08-05 17:57 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3B710BA-49F2-4DA8-9B82-030F0F643BCE}\mpengine.dll
2013-08-05 16:14 . 2013-07-02 06:54	7143960	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-05 15:07 . 2013-08-05 15:07	--------	d-----w-	C:\_OTL
2013-08-03 12:00 . 2013-08-03 12:04	--------	d-----w-	c:\windows\system32\MRT
2013-07-26 15:15 . 2013-08-01 13:07	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 15:15 . 2013-08-01 13:07	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2013-07-24 12:22 . 2013-07-24 14:56	--------	d-----w-	c:\documents and settings\Steve Galkin\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 23:21 . 2013-06-19 22:27	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-25 23:21 . 2013-06-19 22:27	144896	----a-w-	c:\windows\system32\javacpl.cpl
2013-07-25 23:21 . 2012-10-04 22:26	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-07-25 23:21 . 2010-05-14 01:40	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-05 00:45 . 2013-06-27 19:13	0	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-06-19 01:50 . 2009-06-18 22:48	211560	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-14 20:45 . 2013-06-14 20:44	8281168	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-06-08 03:55 . 2008-03-07 01:15	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56 . 2008-03-07 01:16	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2008-03-07 01:15	43520	------w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2008-03-07 01:15	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:37 . 2013-06-07 20:37	715038	----a-w-	c:\windows\unins000.exe
2013-06-04 07:23 . 2008-03-07 01:15	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-03-07 01:16	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 02:47	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-05-08 06:10 . 2011-06-11 05:58	770384	----a-w-	c:\windows\system32\msvcr100.dll
2013-05-08 06:10 . 2011-06-11 05:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail"="c:\progra~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe" [2003-04-08 1772032]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-01-29 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 4760816]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-13 109784]
.
c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\
WinPtr.lnk - c:\windows\WINPTR\winptr.exe [2008-10-20 263168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2011-01-19 279912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Galkin^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Steve Galkin\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-26 00:41	413696	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2007-04-14 02:16	311296	----a-w-	c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-09 23:36	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-11-23 17:40	126976	----a-w-	c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-20 11:37	116648	----atw-	c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 18:34	162328	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 22:44	178712	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 18:34	141848	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 21:13	1101824	----a-w-	c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 21:18	995328	----a-w-	c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 21:23	191552	----a-w-	c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 13:39	98304	----a-w-	c:\program files\Common Files\Logitech\QCDriver\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-06-20 21:25	995176	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 18:34	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 22:47	16859648	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-15 16:05	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 00:20	1024000	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2008-03-04 19:12	360448	----a-w-	c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-20 14:13	273544	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2007-10-08 20:02	262144	----a-w-	c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uploader]
2012-07-02 16:35	120496	----a-w-	c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\IzyMail.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TOSHIBA\\Windows Utilities\\TACSPROP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Documents and Settings\\Steve Galkin\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Epson Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/1/2011 12:55 PM 16024]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [11/9/2010 9:51 AM 752128]
R1 MpKsl8e305be3;MpKsl8e305be3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3B710BA-49F2-4DA8-9B82-030F0F643BCE}\MpKsl8e305be3.sys [8/5/2013 2:10 PM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [4/18/2013 5:36 PM 122000]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/13/2012 8:32 PM 14976]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [7/2/2012 12:33 PM 14528]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 4:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 4:15 PM 134016]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [3/6/2008 10:30 PM 5888]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/1/2011 12:55 PM 45208]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe --> c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [?]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/12/2013 2:37 PM 3289472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/9/2010 9:51 AM 163232]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/6/2008 11:00 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 8:47 PM 135664]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [7/1/2011 12:56 PM 12952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/9/2012 11:58 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01517490
*NewlyCreated* - 46728264
*NewlyCreated* - MPKSL8E305BE3
*NewlyCreated* - RSVP
*Deregistered* - 01517490
*Deregistered* - 46728264
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 13:07]
.
2013-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 00:47]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:47]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
- c:\documents and settings\Steve Galkin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 11:37]
.
2012-10-03 c:\windows\Tasks\My Backup xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-05 c:\windows\Tasks\My Backup(5) xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-07-01 16:50]
.
2013-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-08-05 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-03-07 00:12]
.
2012-10-24 c:\windows\Tasks\Steve Galkin DBAgent 2 0.job
- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-07-02 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: ameritrade.com\wwws
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\documents and settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\
FF - ExtSQL: 2013-07-02 09:03; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,cd,93,da,e8,32,5c,44,85,39,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4868)
c:\windows\system32\WININET.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-08-05 14:31:22
ComboFix-quarantined-files.txt 2013-08-05 18:31
ComboFix2.txt 2013-08-02 02:24
.
Pre-Run: 73,907,933,184 bytes free
Post-Run: 73,875,374,080 bytes free
.
- - End Of File - - A208E8DF859D7573E612D749988AD267
09CE7397AF23D4C0B331B89D0297CC7E


----------



## Cookiegal (Aug 27, 2003)

Let's try to do a system restore to the restore point that you created after uninstalling ComboFix and before trying to donate. That should take you back to before the new problem started.


----------



## iagoman (Nov 5, 2003)

I might have misunderstood your instructions...I did the restore to Sunday Aug 4th. I did not remove the ComboFix file on my desktop before doing the restore...Did I mess anything up?


----------



## Cookiegal (Aug 27, 2003)

No, you didn't mess anything up.

Are you able to go to the sites you went to before without being redirected now?


----------



## iagoman (Nov 5, 2003)

This is what comes up when I try to get to links you send me. Not all links cause the re-direction.
There must be some "invisible" bug that these programs are not catching...you think?




Visitor Survey:
Downloading Monday, August 5, 2013 
Greenwich

Dear visitor, 

You've been selected to take part in this anonymous survey. Tell us what you think in this 30 second questionnaire, and to say "thank you", you will have the opportunity to win the new Apple® iPhone 5 or iPad 2. 

Question 1 of 3: Where are you viewing this website from right now? 


From home 
From work 
Other 



Next 


Question 2 of 3: Is the site's design easy to use and read? 

Yes 
For the most part 
You should update your design 


Next 


Question 3 of 3: How many times per day do you visit this website? 

0-1 times 
1-3 times 
4+ times 


Next 


That's it, all done! Thank you for your participation. 

As we submit the answers to your questions, you may be able to win a brand new Apple® iPhone 5 or iPad 2! 



Submitting your answers
Submitting your answers: Checking offer inventory: 






Thank you for your input You may choose only (1) prize from the list below. Thank you for participating in our survey! 

Apple® iPhone 5 NEW! 
Model: 32GB, Unlocked 
Color: Black or White
Retail Price: $599.00 
Apple® New iPad 2
Model: 64GB, Wi-Fi + Cellular 
Color: Black or White
Retail Price: $659.00 
$1,000 Walmart Gift Card
Redeem online or in-store 
Retail Price: $1000.00 

You selected the 
®
Please enter your contact information 
to continue:
First Name: 
Last Name: 
Cell Phone: 
Email: 
Date of Birth: MM DD YYYY


By continuing, you have read and
understood our Privacy Policy. 






We have the following exclusive offers available to give you for your participation. You may choose only (1) product from the list below. Thank you for participating in our survey!


--------------------------------------------------------------------------------

Copyright © 2013 - All Rights Reserved. 

*Participation Required. To qualify for the prize, you must complete two Silver offers and two Gold offers from among the options on the respective Silver and Gold offer pages and for prizes with a value of $100 or less, three Platinum offers, and for prizes with a value of more than $100, eight Platinum offers from among the options on the Platinum offer page within one calendar day (12:00:00 AM, EST to 11:59:59 PM, EST). Completion of rewards offers usually requires a purchase, subscription or filing a credit application and being accepted for a financial product such as a credit card or consumer loan. The following link illustrates a Representative Sample of offers by group along with the monetary and non-monetary obligations required to complete the offer. U.S. residents 18 years or older only. Limit of one prize issued by RewardZone USA, LLC per person per household per calendar year. Failure to submit accurate registration information or comply with claim verification process will result in loss of eligibility. 

By participating, you agree to the Terms & Conditions which includes mandatory arbitration and Privacy Policy which includes your consent to our sharing your personally identifiable information with our Marketing Partners. 

RewardZone administers this website and does not claim to represent or own any of the trademarks, trade names or rights associated with any of the prizes which are the property of their respective owners who do not own, endorse, or promote RewardZone or this promotion. 

This survey promotion is a popup/popunder advertisement launched by an advertising network and is in no way affiliated with any website, trademark, brand or company including Downloading, Apple® and Walmart®.

Member Support - Prize Status - Privacy Policy - Terms & Conditions



----------



## Cookiegal (Aug 27, 2003)

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply.*

Click *Close* to exit the program.


----------



## iagoman (Nov 5, 2003)

FYI, I run SUPERAntiSpyware on a daily basis, at least in the last week, especially when the problems began.
I had run it earlier today and it found just 4 threats (not viral).
I never ran it with the options you specified, until today.
It took a long time to complete. Here's the log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2013 at 09:16 PM

Application Version : 5.6.1020

Core Rules Database Version : 10669
Trace Rules Database Version: 8481

Scan type : Complete Scan
Total Scan Time : 01:25:34

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 39538
Registry threats detected : 0
File items scanned : 73816
File threats detected : 0


----------



## Cookiegal (Aug 27, 2003)

I believe the program LessTabs is responsible for those surveys.

Please go to Add or Remove Programs in the Control Panel and uninstall LessTabs.

Then reboot the computer and run OTL (choose the quick scan) and post the log please.


----------



## iagoman (Nov 5, 2003)

I removed the "LessTabs" program. I have no idea where that came from. I never d/l'd it.
Also, I tried copying the "box" on my wife's Toshiba laptop. It worked! Don't know why it doesn't do it on mine.
I will now re-boot and run OTL & post the scan results.
You are VERY patient!
S.


----------



## iagoman (Nov 5, 2003)

I ran the OTL. I haven't noticed any re-directs when I go to sites, but I haven't used the pc very much since we started.
Mostly I am doing what you instruct. Do you think I should get rid of FIREFOX? I never used to use it until I started getting
notices that my IE 8 needs to be updated. Of course, with Win/xp Pro there are no further updates for Internet Explorer so I started using Firefox. Now IE seems to be ok...no more notices, which were probably caused by the bugs I had.
What do you think?
Steve

OTL Extras logfile created on: 8/6/2013 9:52:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.11% Memory free
4.83 Gb Paging File | 4.03 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 68.71 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2143.40 Gb Free Space | 76.70% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe:*:Enabled:ChoiceMail WebMail Server - using IzyMail technology -- (IzySoft)
"C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" = C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe:*:Enabled:ChoiceMail -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mshta.exe" = C:\WINDOWS\system32\mshta.exe:*:Enabled-Link Setup Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe" = C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe:*:Enabled:Epson Connect Printer Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F56519-91DF-4D42-A36D-3D4BCA0B8329}" = DAK Wave MP3 Editor PRO v6.1b
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB912177-24CC-4AEE-8329-97D7ACD125D4}" = Macrium Reflect - Free Edition
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F87607CB-BCC7-4263-8F05-F901097BF956}" = Holy Grail Song Splitter PRO
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-9-5 (All Users)
"Any Password_is1" = Any Password 1.44
"AutoSizer" = AutoSizer
"Belarc Advisor" = Belarc Advisor 7.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ChoiceMail One Retail 1.600" = ChoiceMail One Retail 1.600
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"CSCLIB" = Canon Camera Support Core Library
"DAKDePopper3" = DAK DePopper 3.x
"DAKEqualizer2" = DAK Equalizer 2.x
"DC-Bass Source" = DC-Bass Source 1.3.0
"DivX Setup" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Remote Print" = EPSON Remote Print Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
"Everything" = Everything 1.2.1.371
"Fences Pro" = Fences Pro
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LTCM Client" = LTCM Client
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NexGen Media Player" = NexGen Media Player - a modern video player
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoFiltre" = PhotoFiltre
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"PublicWare File Renamer" = PublicWare File Renamer
"QCDrivers" = QuickCam Drivers
"Quick Search Box" = Google Quick Search Box
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Silent Package Run-Time Sample" = EPSON Perf 4490P Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vsfilter_is1" = DirectVobSub 2.40.4209
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2013 9:30:13 AM | Computer Name = SBGTOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 8/4/2013 11:27:29 AM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 4.3.215.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/4/2013 12:49:14 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/4/2013 2:37:26 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2013 2:37:32 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket -637767468.

Error - 8/4/2013 2:38:25 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2013 2:38:28 PM | Computer Name = SBGTOSHIBA | Source = Application Hang | ID = 1001
Description = Fault bucket -637767468.

Error - 8/5/2013 11:45:38 AM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/5/2013 12:13:34 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/5/2013 2:17:04 PM | Computer Name = SBGTOSHIBA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 8/3/2013 7:52:40 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/3/2013 7:52:53 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/3/2013 9:57:23 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/3/2013 10:11:32 AM | Computer Name = SBGTOSHIBA | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_LAVASOFT_KERNEXPLORER\0000 disappeared from
the system without first being prepared for removal.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 10:13:39 AM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/3/2013 12:25:03 PM | Computer Name = SBGTOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I need to see the other log created by OTL please.


----------



## iagoman (Nov 5, 2003)

What other log? Where is it located?


----------



## Cookiegal (Aug 27, 2003)

There should be an OTL.txt log as well on the desktop.

I forgot to answer your question about Firefox. I would stay with Firefox; it's more secure. But it's also important that you continue to update IE8 (yes, updates are still available until April 2014) because Windows uses IE to obtain the updates.


----------



## iagoman (Nov 5, 2003)

OTL logfile created on: 8/6/2013 9:52:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.11% Memory free
4.83 Gb Paging File | 4.03 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 68.71 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 2143.40 Gb Free Space | 76.70% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 17:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
PRC - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/15 21:52:27 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/13 15:24:22 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2009/01/29 14:25:55 | 000,131,072 | ---- | M] (South Bay Software) -- C:\Program Files\AutoSizer\AutoSizer.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
PRC - [2003/03/28 14:50:06 | 000,111,616 | ---- | M] (IzySoft) -- C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe
PRC - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE

========== Modules (No Company Name) ==========

MOD - [2013/07/24 09:18:42 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a32eed29f25d7d4ea0bfa1e7e5489ba2\System.WorkflowServices.ni.dll
MOD - [2013/07/24 09:18:00 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9c0f2fa6d0dd670512e52db959e8eaa6\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/24 09:17:59 | 001,141,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\77a9a63f46176d6e8ef53ac220012ebd\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/24 09:17:58 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\84eb08a79334a22f4d49bd1c5b783f7c\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/24 09:17:36 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/24 09:17:35 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fef870c310e8117fcd348efe354052fc\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/24 09:17:29 | 001,078,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4cf6be9712d6940838585e4a70efdb4\System.IdentityModel.ni.dll
MOD - [2013/07/24 09:17:27 | 018,101,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a6bd2f8159d0a7f364f4b34fb2123e01\System.ServiceModel.ni.dll
MOD - [2013/07/24 09:17:01 | 001,076,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\54dc28b359a5912bd870de05402a4ab8\System.ServiceModel.Web.ni.dll
MOD - [2013/07/24 09:00:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/24 08:59:55 | 001,926,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\33bab1a4c3f9d76a8fc9df83aa3bb73f\System.Web.Services.ni.dll
MOD - [2013/07/24 08:59:30 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/24 08:59:28 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/24 08:59:26 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/24 08:59:24 | 002,646,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/24 08:58:06 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/24 08:52:52 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/24 08:52:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/24 08:52:07 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/24 08:51:53 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/24 08:51:50 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/24 08:51:45 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/24 08:51:40 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/24 08:51:24 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2009/01/29 14:25:55 | 000,086,016 | ---- | M] () -- C:\Program Files\AutoSizer\AutoSizer.dll
MOD - [2008/04/13 20:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 17:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
MOD - [2000/06/24 15:29:40 | 000,151,552 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ssleay32.dll
MOD - [2000/06/24 15:29:00 | 000,655,360 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\libeay32.dll
MOD - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE
MOD - [1999/05/07 14:20:06 | 000,029,184 | ---- | M] () -- C:\Program Files\shortkey\SHTK95HK.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/08/01 09:07:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/28 09:48:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/06 09:48:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5C409F8-13EC-4181-8B11-2EFDDFBCD12C}\MpKslc525666f.sys -- (MpKslc525666f)
DRV - [2011/08/04 09:28:13 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:28:13 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/01 12:56:02 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter)
DRV - [2010/11/11 21:36:32 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/11 21:36:17 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/11/11 21:36:15 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/11 21:36:06 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/30 14:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/01/04 02:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/27 14:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 18:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: lesstabs%40lesstabs.com:1.7.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/20 10:14:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/05/13 15:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/28 09:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/28 09:47:59 | 000,000,000 | ---D | M]

[2010/11/05 09:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Extensions
[2013/08/05 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions
[2013/03/24 15:27:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/06/21 11:25:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/06 10:56:59 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2011/12/21 19:57:23 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml
[2013/08/06 09:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/28 09:47:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:48:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/07 09:34:46 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\

O1 HOSTS File: ([2013/08/03 10:14:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoSizer] C:\Program Files\AutoSizer\AutoSizer.exe (South Bay Software)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Startup\WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe (Silent O Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.33/uploader2.cab (UploadListView Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671 (WUWebControl Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE5BE75-EE9F-41A8-8D52-5FF920C654AA}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 21:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 15:31:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/05 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Desktop\New Folder
[2013/08/05 14:18:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/05 11:07:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/04 17:24:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/03 08:00:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/01 22:05:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/01 22:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/28 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/24 08:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/07/24 08:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Application Data\Yahoo!

========== Files - Modified Within 30 Days ==========

[2013/08/06 09:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/06 09:51:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/06 09:51:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/06 09:49:02 | 000,809,226 | ---- | M] () -- C:\Everything.db
[2013/08/06 09:48:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/06 09:47:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/06 09:47:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/06 09:47:22 | 3210,698,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/06 09:40:34 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2013/08/06 09:23:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
[2013/08/06 09:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/06 01:00:11 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\shutdown.job
[2013/08/05 23:50:43 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\My Backup(5) xml.job
[2013/08/05 13:23:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
[2013/08/05 11:24:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/04 17:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/04 13:49:04 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/04 12:43:08 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/03 10:14:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/01 22:05:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/28 20:33:24 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/27 07:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/24 10:38:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/24 10:04:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/07/24 08:49:49 | 000,525,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/24 08:49:49 | 000,097,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/24 08:45:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/24 00:49:36 | 000,103,861 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:34 | 000,367,448 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 15:09:53 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Google.url
[2013/07/08 11:36:28 | 000,126,026 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf

========== Files Created - No Company Name ==========

[2013/08/06 09:49:02 | 000,809,226 | ---- | C] () -- C:\Everything.db
[2013/08/04 12:43:08 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/01 22:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/01 22:05:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/28 20:33:24 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/26 16:37:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/07/26 11:15:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/24 00:49:36 | 000,103,861 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:32 | 000,367,448 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/07/08 11:36:27 | 000,126,026 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\MLG-SBG-MMG Agreement.pdf
[2013/06/17 16:37:11 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\WBPU-TTL.DAT
[2013/06/14 16:37:40 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/06/07 16:38:29 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/07 16:38:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/07 16:38:16 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/07 16:38:11 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/06/07 16:37:56 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/06/07 16:37:55 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/06/07 16:37:55 | 000,001,796 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/04/20 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/04/18 17:31:30 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2012/10/14 09:29:51 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/13 20:32:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/10/13 20:32:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/10/13 20:31:58 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/05 01:01:39 | 000,525,259 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-454583010-175260030-2287809055-1005-0.dat
[2012/10/04 18:28:17 | 000,276,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 08:39:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/23 19:00:21 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\.recently-used.xbel
[2010/08/20 20:48:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\fusioncache.dat
[2008/11/16 11:20:42 | 000,039,739 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft Excel.ADR
[2008/10/30 10:58:35 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Comma Separated Values (Windows).ADR
[2008/10/20 22:11:35 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/06 21:52:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/04 09:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2013/06/08 09:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/01/11 11:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAK
[2010/07/20 17:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2013/06/17 09:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/12/20 09:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2013/05/17 08:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2013/05/17 08:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/11/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2008/10/20 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/02/08 17:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/10/22 12:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/09/02 21:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2012/10/22 11:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/01/16 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/06 08:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/02 21:31:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}
[2010/03/12 21:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/23 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/05/24 18:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\AutoSizer
[2009/09/27 21:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\BSD
[2013/06/07 16:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\CDXReader
[2010/08/23 14:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/28 10:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/01/10 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\DAK
[2010/07/20 17:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\eFax Messenger
[2011/08/02 11:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\ElevatedDiagnostics
[2013/04/19 08:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\EPSON
[2010/03/12 23:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\FreeAudioPack
[2010/03/13 10:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\FreeCDRipper
[2010/09/02 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\GARMIN
[2012/12/06 14:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\GoodSync
[2010/05/08 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\gtk-2.0
[2008/11/10 12:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Image Zone Express
[2008/10/28 17:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\InfraRecorder
[2009/06/12 20:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\InterVideo
[2010/07/20 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\j2 Global
[2013/06/07 16:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\LavFilters
[2013/04/19 08:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Leader Technologies
[2008/10/22 11:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Leadertech
[2012/05/27 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Octoshape
[2011/07/25 11:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys
[2011/12/20 18:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\RoboForm
[2012/10/22 12:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Seagate
[2012/12/25 12:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Softplicity
[2010/09/02 21:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Stardock
[2010/11/05 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Thunderbird
[2008/10/22 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\toshiba
[2009/04/11 11:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Uniblue
[2008/03/06 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\WinBatch

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I'm attaching another Fix to run with OTL.

Paste it under Custom Scans and then Click Run Scan and post the log it produces please.


----------



## Cookiegal (Aug 27, 2003)

Also, please let me know if this start page is by choice:

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/

You also have remnants of Symantec anti-virus. If you don't have any other Symantec products then you should run the Norton Removal Tool:

https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Do you recognize these as things you've downloaded in the past?

C:\Documents and Settings\Steve Galkin\Application Data\FreeAudioPack
[2010/03/13 10:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\FreeCDRipper
[2011/07/25 11:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys
[2012/12/25 12:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Galkin\Application Data\Softplicity


----------



## iagoman (Nov 5, 2003)

Optimum was my home page at one time, since we use optonline.net as our internet provider.
FreeCDRipper was a download; I don't need it.
Softplicity??? Have no idea.


----------



## Cookiegal (Aug 27, 2003)

Softplicity appears to be the company name. I believe the program is PDF Combine so it's something to do with creating or converting PDF files. Does that ring a bell?


----------



## iagoman (Nov 5, 2003)

Whatever it is, I don't need it. I only create PDFs, never convert them to whatever they can be converted to.


----------



## iagoman (Nov 5, 2003)

Years ago I used "pc anywhere" for moving to a new system. I thought I removed all of it from the system.
I did a search using "Everything" and saw two small files ...
PCANY.htm in C:\windows\i386\compdata 2kb 1/3/2007
PCANY.txt in same location. Text says that PC Anywhere is not compatible with this version of Windows.
I probably used it when I went from a much earlier version of Windows. I can delete the above files, but I'm not sure which removal tool to use to get rid of Symantec orphans.


----------



## iagoman (Nov 5, 2003)

I ran the removal tool. Also deleted those two files I listed.
Do we have any more work to do?
S.


----------



## Cookiegal (Aug 27, 2003)

I wouldn't delete anything in the i386 folder. They can be left there.

I just want to take a look at what may be in these folders:

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\Documents and Settings\Steve Galkin\Application Data\FreeAudioPack
C:\Documents and Settings\Steve Galkin\Application Data\FreeCDRipper
C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys
C:\Documents and Settings\Steve Galkin\Application Data\Softplicity
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## iagoman (Nov 5, 2003)

SystemLook 04.09.10 by jpshortstuff
Log created at 18:30 on 06/08/2013 by Steve Galkin
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\Steve Galkin\Application Data\FreeAudioPack - Parameters: "(none)"

---Files---
EasyCutter.ini	--a---- 24 bytes	[03:34 13/03/2010]	[03:34 13/03/2010]
FreeConverter.ini	--a---- 432 bytes	[03:34 13/03/2010]	[14:16 13/03/2010]

---Folders---
None found.

C:\Documents and Settings\Steve Galkin\Application Data\FreeCDRipper - Parameters: "(none)"

---Files---
Ripper.ini	--a---- 435 bytes	[14:10 13/03/2010]	[14:10 13/03/2010]

---Folders---
CDDB	d------	[14:10 13/03/2010]

C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys - Parameters: "(none)"

---Files---
None found.

---Folders---
Exception	d------	[15:39 25/07/2011]

C:\Documents and Settings\Steve Galkin\Application Data\Softplicity - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with this script:

```
:dir
C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys /s
```


----------



## iagoman (Nov 5, 2003)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:09 on 06/08/2013 by Steve Galkin
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys - Parameters: "/s"

---Files---
None found.

C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys\Exception	d------	[15:39 25/07/2011]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Do you know anything about this RegistryKeys thing?

I was hoping to get what's in the subfolder but the command is only giving the name of this folder:

C:\Documents and Settings\Steve Galkin\Application Data\RegistryKeys\*Exception*

Can you take a look in that folder and let me know what files it contains?

Also, are you still getting those popups?


----------



## iagoman (Nov 5, 2003)

It's empty, with a July 25 2013 date (0 bytes)


----------



## Cookiegal (Aug 27, 2003)

I would just delete all of these folders:

C:\Documents and Settings\Steve Galkin\Application Data\*FreeAudioPack*
C:\Documents and Settings\Steve Galkin\Application Data\*FreeCDRipper*
C:\Documents and Settings\Steve Galkin\Application Data\*RegistryKeys*
C:\Documents and Settings\Steve Galkin\Application Data\*Softplicity*

How are things now?


----------



## iagoman (Nov 5, 2003)

Things are normal. No more hijacking. I think we're clear.
I'll delete those folders and re-boot & run SuperAntiSpyware too.
Steve


----------



## Cookiegal (Aug 27, 2003)

Sounds good.


----------



## iagoman (Nov 5, 2003)

Deleted those folders, ran SAS (0 infections).
Do you think we're done?
I hope so...My wife is getting jealous! (LOL).
Steve


----------



## Cookiegal (Aug 27, 2003)

Yes, that should do it.


----------



## iagoman (Nov 5, 2003)

Cookiegal,
It's been great. Thanks for all the help. 
One last question...Do you think I should move to Windows7 or 8, or stay with XP until MS stops supporting it?
Steve


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

BTW, if you still wish to donate to the author of ComboFix, there's a paypal link for him on the ComboFix download page. Just scroll down to where it says "For those who wish to help finance the author's work, he is accepting contributions via Paypal. You can contribute by clicking on the following image:" and click on the paypal link there.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If you like XP and aren't in any hurry to change then there's no problem in waiting until extended support ends in April 2014 before moving to a newer operating system. But I do recommend abandoning XP at that time as there will be no further security updates to patch vulnerabilities which will make the operating system very risky to continue using.

You can run the MS upgrade assistant to see if the system would be compatible to run Windows 7 or 8 but even if it passes, if the computer is very old, I would consider getting a new one if that's in your budget.

Here's a link to the Windows 7 upgrade advisor:

http://windows.microsoft.com/en-CA/windows/downloads/upgrade-advisor

Here's a link to the Windows 8 upgrade assistant:

http://windows.microsoft.com/en-CA/windows-8/upgrade-to-windows-8

Now I don't have Windows 7 or 8 myself but from what I'm hearing, it may be best to go to Windows 7 first if you want to change right away as many are not liking Windows 8. There is supposed to be a "better" version called 8.1 so it might be best to wait for that as it's still in beta testing. Windows 7 can be upgraded to Windows 8 or 8.1 but you'd still have to purchase an upgrade license, which is cheaper than buying another full operating system. I believe Windows 8.1 is set for release in the late fall of 2013 though. Of course it's best to see what the feedback is before making the plunge but at least it should be before the end of life of XP. I hope this is helpful.


----------



## iagoman (Nov 5, 2003)

Thanks for all the advice. I already donated to Combofix and ROGUEKILLER today, via my PayPal Acct. I'll hold off on a new laptop for a while. I have an iPhone, iPad, iPod, iPod Touch and my wife is looking at the Google Nexus 7 which a friend showed her. It's pretty amazing. I may sell my iPad2 and get one to replace it.
It even supports Flash (as an added app).
Shall we mark this "SOLVED"?
Steve


----------



## Cookiegal (Aug 27, 2003)

You're welcome. Yes, please go ahead and mark it "solved".

Please flush the restore points again (turn system restore off and back up) then create a new restore point.

Also, run the OTL clean up routine.


----------



## Cookiegal (Aug 27, 2003)

And again, thank you for all of the donations on behalf of TSG and the authors of ComboFix and RogueKiller.


----------



## iagoman (Nov 5, 2003)

"http://www.gamefly.com/?adtrackingid=fads001"
I'm getting re-directs again. The above link was activated after I was at a site I've been using for years and have never been re-directed from.
I did all the steps you listed, flushed the restore points, set a new one, did a backup.
Should I set the restore point back to the last one created?
Sorry that I had to re-open this topic.
Steve


----------



## Cookiegal (Aug 27, 2003)

Probably but before doing that please download OTL and run a new scan and post that log.

Also, please provide the URL of the site you visited.


----------



## iagoman (Nov 5, 2003)

"http://www.gamefly.com/?adtrackingid=fads001"

OTL logfile created on: 8/9/2013 9:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve Galkin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.43% Memory free
4.83 Gb Paging File | 4.08 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 69.29 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive E: | 2794.51 Gb Total Space | 1900.94 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

Computer Name: SBGTOSHIBA | User Name: Steve Galkin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/09 09:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
PRC - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/15 21:52:27 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/05/13 15:24:22 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2009/01/29 14:25:55 | 000,131,072 | ---- | M] (South Bay Software) -- C:\Program Files\AutoSizer\AutoSizer.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
PRC - [2003/03/28 14:50:06 | 000,111,616 | ---- | M] (IzySoft) -- C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe
PRC - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE

========== Modules (No Company Name) ==========

MOD - [2013/07/24 09:18:42 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a32eed29f25d7d4ea0bfa1e7e5489ba2\System.WorkflowServices.ni.dll
MOD - [2013/07/24 09:18:00 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9c0f2fa6d0dd670512e52db959e8eaa6\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/24 09:17:59 | 001,141,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\77a9a63f46176d6e8ef53ac220012ebd\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/24 09:17:58 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\84eb08a79334a22f4d49bd1c5b783f7c\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/24 09:17:36 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/24 09:17:35 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fef870c310e8117fcd348efe354052fc\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/24 09:17:29 | 001,078,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4cf6be9712d6940838585e4a70efdb4\System.IdentityModel.ni.dll
MOD - [2013/07/24 09:17:27 | 018,101,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a6bd2f8159d0a7f364f4b34fb2123e01\System.ServiceModel.ni.dll
MOD - [2013/07/24 09:17:01 | 001,076,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\54dc28b359a5912bd870de05402a4ab8\System.ServiceModel.Web.ni.dll
MOD - [2013/07/24 09:00:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/24 08:59:55 | 001,926,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\33bab1a4c3f9d76a8fc9df83aa3bb73f\System.Web.Services.ni.dll
MOD - [2013/07/24 08:59:30 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/24 08:59:28 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/24 08:59:26 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/24 08:59:24 | 002,646,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/24 08:58:06 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/24 08:52:52 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/24 08:52:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/24 08:52:07 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/24 08:51:53 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/24 08:51:50 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/24 08:51:45 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/24 08:51:40 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/24 08:51:24 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2009/01/29 14:25:55 | 000,086,016 | ---- | M] () -- C:\Program Files\AutoSizer\AutoSizer.dll
MOD - [2008/04/13 20:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 17:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2003/04/08 13:53:22 | 001,772,032 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
MOD - [2000/06/24 15:29:40 | 000,151,552 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\ssleay32.dll
MOD - [2000/06/24 15:29:00 | 000,655,360 | ---- | M] () -- C:\Program Files\DigiPortal Software\ChoiceMail\libeay32.dll
MOD - [1999/10/12 22:39:22 | 000,646,656 | ---- | M] () -- C:\Program Files\shortkey\SHORTKEY.EXE
MOD - [1999/05/07 14:20:06 | 000,029,184 | ---- | M] () -- C:\Program Files\shortkey\SHTK95HK.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/08/01 09:07:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/28 09:48:41 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 19:21:33 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 08:34:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/10 11:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/09 08:52:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7BE0AA3-D867-4FFB-93B5-BFAE7E780C60}\MpKsl36b0e1bd.sys -- (MpKsl36b0e1bd)
DRV - [2011/08/04 09:28:13 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 09:28:13 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/01 12:56:02 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter)
DRV - [2010/11/11 21:36:32 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/11 21:36:17 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/11/11 21:36:15 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/11 21:36:06 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/30 14:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/01/04 02:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/27 14:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 18:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{922AF453-0CFD-4800-BDC6-CA3B819F52A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Steve Galkin\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/20 10:14:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/05/13 15:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/28 09:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/28 09:47:59 | 000,000,000 | ---D | M]

[2010/11/05 09:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Extensions
[2013/08/07 11:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions
[2013/08/07 11:55:05 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/03/24 15:27:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/06/21 11:25:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/06 10:56:59 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\[email protected]
[2011/12/21 19:57:23 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml
[2013/08/06 09:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/28 09:47:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/28 09:47:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 09:48:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/07 09:34:46 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2013/08/03 10:14:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoSizer] C:\Program Files\AutoSizer\AutoSizer.exe (South Bay Software)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Steve Galkin\Start Menu\Programs\Startup\WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe (Silent O Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.33/uploader2.cab (UploadListView Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671 (WUWebControl Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE5BE75-EE9F-41A8-8D52-5FF920C654AA}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 21:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/09 09:43:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/07 12:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Application Data\vlc
[2013/08/07 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/08/07 11:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Start Menu\Programs\TopArcadeHits
[2013/08/07 11:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits
[2013/08/07 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP
[2013/08/07 11:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\My Documents\NexGen Media Player
[2013/08/05 15:31:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/03 08:00:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/01 22:05:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/01 22:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/28 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/26 11:15:22 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/26 11:15:22 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/25 19:21:57 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/24 08:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/07/24 08:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Application Data\Yahoo!

========== Files - Modified Within 30 Days ==========

[2013/08/09 09:44:26 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/09 09:44:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-454583010-175260030-2287809055-1005.job
[2013/08/09 09:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Galkin\Desktop\OTL.exe
[2013/08/09 09:36:08 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2013/08/09 09:23:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005UA.job
[2013/08/09 09:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/09 09:06:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\TopArcadeHits.job
[2013/08/09 08:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/09 08:52:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/09 08:52:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 08:52:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/09 08:52:01 | 3210,698,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 01:01:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\shutdown.job
[2013/08/08 23:50:42 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\My Backup(5) xml.job
[2013/08/08 11:24:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/07 15:09:07 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2013/08/07 14:58:21 | 000,788,905 | ---- | M] () -- C:\Everything.db
[2013/08/07 14:56:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/07 13:23:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-454583010-175260030-2287809055-1005Core.job
[2013/08/07 11:58:02 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/08/04 12:43:08 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/03 10:14:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/01 22:05:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/01 09:07:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/01 09:07:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/28 20:33:24 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/27 07:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/25 19:21:35 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/25 19:21:31 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/25 19:21:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/25 19:21:31 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/25 19:21:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/07/25 19:21:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/24 10:38:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/24 10:04:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/07/24 08:49:49 | 000,525,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/24 08:49:49 | 000,097,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/24 08:45:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/24 00:49:36 | 000,103,861 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:34 | 000,367,448 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf

========== Files Created - No Company Name ==========

[2013/08/07 14:58:20 | 000,788,905 | ---- | C] () -- C:\Everything.db
[2013/08/07 11:58:02 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/08/07 11:55:02 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\TopArcadeHits.job
[2013/08/04 12:43:08 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\FixAutorun.zip
[2013/08/04 11:24:17 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\fixcd.reg
[2013/08/01 22:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/01 22:05:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/28 20:33:24 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Desktop\Shortcut to PARIS iPhone Pics.lnk
[2013/07/26 16:37:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/07/26 11:15:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/24 00:49:36 | 000,103,861 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Page 4 Uniform Resid Loan Applic.pdf
[2013/07/24 00:04:32 | 000,367,448 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\My Documents\Uniform Residential Loan Applic.pdf
[2013/06/17 16:37:11 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\WBPU-TTL.DAT
[2013/06/14 16:37:40 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/06/07 16:38:29 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/07 16:38:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/07 16:38:16 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/07 16:38:11 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/06/07 16:37:56 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/06/07 16:37:55 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/06/07 16:37:55 | 000,001,796 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/04/20 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/04/18 17:31:30 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XP400.ini
[2012/10/14 09:29:51 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/13 20:32:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2012/10/13 20:32:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2012/10/13 20:31:58 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/10/05 01:01:39 | 000,525,259 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-454583010-175260030-2287809055-1005-0.dat
[2012/10/04 18:28:17 | 000,276,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 08:39:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/23 19:00:21 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\.recently-used.xbel
[2010/08/20 20:48:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\fusioncache.dat
[2008/11/16 11:20:42 | 000,039,739 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Microsoft Excel.ADR
[2008/10/30 10:58:35 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Application Data\Comma Separated Values (Windows).ADR
[2008/10/20 22:11:35 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/06 21:52:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## Cookiegal (Aug 27, 2003)

You've picked up some new stuff. What is the URL of the site you've "been using for years and have never been re-directed from", please?

Did you download anything from that site or any other since Tuesday the 6th?


----------



## iagoman (Nov 5, 2003)

The site is "http://www.bugcafe.com.au". It's a site where I have been playing SCRABBLE with my wife, sister and a friend in CA. Probably have been using it for 5 years. (Don't let the name "BUGCAFE" influence you. LOL)


----------



## iagoman (Nov 5, 2003)

Cookiegal,
Just FYI... I don't always get re-directed, and not just from any particular site. Sometimes there's no problem.
I don't visit many URLs, just the Scrabble site, my ISP site, Amazon for purchases, and Google to check movie times in my area. In general, I'm pretty careful. I NEVER open links in emails and if I get an email from a friend with a link, I email them and ask if they did, indeed, send it. Usually they didn't and I delete them without opening.
I run SuperAntiSpyware on a daily basis and it usually finds a few cookies that aren't dangerous.
I also clear cookies and flush the cache weekly.
S.


----------



## Cookiegal (Aug 27, 2003)

Do you use VideoLan and is that something you installed intentionally?


----------



## Cookiegal (Aug 27, 2003)

Please uninstall the version of HijackThis you have as it's very outdated and then do the following:

Please go *here* to download *HijackThis*.

Click on the button that says *Download Now EXE Version* and save the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified, click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

Also, use HijackThis to do the following:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## iagoman (Nov 5, 2003)

I'll run the MISC TOOLS next and post the result after this hijack listing.
I have no idea what VIDEOLAN is.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:38 PM, on 8/9/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\PROGRA~1\DIGIPO~1\CHOICE~1\IzyMail.exe
C:\Program Files\shortkey\SHORTKEY.EXE
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ChoiceMail] "C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe"
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WinPtr.lnk = C:\WINDOWS\WINPTR\winptr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} (DCPForm Control 1.0.1.1) - file:///D:/activeX/DCP.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.33/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224556295671
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - file:///D:/activeX/aplugLiteDL.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\WINDOWS\system32\EscSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 15456 bytes


----------



## iagoman (Nov 5, 2003)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Across Lite 2.0
Any Password 1.44
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoSizer
Belarc Advisor 7.2
Bonjour
Camera Assistant Software for Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CD/DVD Drive Acoustic Silencer
ChoiceMail One Retail 1.600
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DAK DePopper 3.x
DAK Equalizer 2.x
DAK Wave MP3 Editor PRO v6.1b
DC-Bass Source 1.3.0
DirectVobSub 2.40.4209
DivX Setup
Easy-WebPrint
EPSON Attach To Email
Epson Connect
Epson Connect Printer Setup
EPSON Copy Utility 3
Epson Customer Participation
Epson Event Manager
EPSON File Manager
EPSON Perf 4490P Guide
EPSON Remote Print Uninstall
EPSON Scan
EPSON Scan Assistant
EPSON XP-400 Series Printer Uninstall
EpsonNet Print
Everything 1.2.1.371
Fences Pro
ffdshow v1.1.4399 [2012-03-22]
Garmin Communicator Plugin
Garmin USB Drivers
Garmin USB Drivers
GearDrvs
Google Desktop
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HiJackThis
Holy Grail Song Splitter PRO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.2
HP LaserJet P1000 series
HP PSC & OfficeJet 4.2
HPCarePackProducts
Impulse
Impulse
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
iTunes
Java 7 Update 25
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
Logitech QuickCam
LTCM Client
Macrium Reflect - Free Edition
mCore
mDrWiFi
MediaWidget 5.5
Memories Disc Creator 2.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIWA
mLogView
mMHouse
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
neroxml
Netflix Movie Viewer
NexGen Media Player - a modern video player
OGA Notifier 2.0.0048.0
OpenSource Flash Video Splitter 1.0.0.5
PDF Reader 2013
PE Builder 3.1.10a
PhotoFiltre
PublicWare File Renamer
QuickCam Drivers
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RoboForm 7-8-9-5 (All Users)
Safari
Seagate Dashboard 2.0
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
SES Driver
Skype Click to Call
Skype™ 6.3
Software Updater
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Times Reader
Times Reader
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
VC 9.0 Runtime
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.8
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
Xvid Video Codec


----------



## Cookiegal (Aug 27, 2003)

I'll review all of the logs and post further instructions tomorrow morning.


----------



## Cookiegal (Aug 27, 2003)

It looks like you had Acronis before. Did you uninstall that in favour of Macrium?

The VideoLan I asked you about relates to the VLC Media Player. Do you use that? If not you can uninstall it via the Control Panel - Add or Remove Programs.

Please uninstall the following via the Control Panel - Add or Remove Programs:

*NexGen Media Player - a modern video player*

Then reboot the computer before proceeding with the following:

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/08/07 11:55:05 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2011/12/21 19:57:23 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml
[2012/03/07 09:34:46 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
CHR - default_search_provider: Conduit (Enabled)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
[2013/08/07 11:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Start Menu\Programs\TopArcadeHits
[2013/08/07 11:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits
[2013/08/07 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP
[2013/08/07 11:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\My Documents\NexGen Media Player
```

Then click the *Run Fix* button at the top.
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.

In addition to the above log, please run OTL again and post the new full log.


----------



## iagoman (Nov 5, 2003)

Hi Cookiegal,
I did have ACRONIS at one time, but switched to MACRIUM about two years ago.
I installed VLC MEDIA PLAYER a few days ago since I was not able to play DVDs after my PC problems started. VLC was recommended by an advisor at TSG, so I installed it and my DVDs play.
I will remove NEXGEN MEDIA PLAYER.
Note: When I try to copy the "box", I get an image of a "light bulb" and the error message
CONTEXTUAL SEARCH
"Request URI is too long"
So I'm not able to select the entire box...again.
Steve


----------



## Cookiegal (Aug 27, 2003)

Is that the exact message? Can you post a screenshot of it please?


----------



## iagoman (Nov 5, 2003)

That is the exact message. I am not sure how to post a screen shot. Never did that before.


----------



## iagoman (Nov 5, 2003)

I was able to copy all the data in the BOX & run OTL

========== OTL ==========
Prefs.js: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] deleted successfully.
File C:\Program Files\Mozilla Firefox\extensions\[email protected] not found.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} folder moved successfully.
C:\Documents and Settings\Steve Galkin\Application Data\Mozilla\Firefox\Profiles\hjvuqfiy.default\searchplugins\bing-zugo.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\search.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Documents and Settings\Steve Galkin\Start Menu\Programs\TopArcadeHits folder moved successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\TopArcadeHits folder moved successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP\NGMP.exe_Url_xit3u45vumte1mwwek1gpln04hjlfjwy\1.0.0.0 folder moved successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP\NGMP.exe_Url_xit3u45vumte1mwwek1gpln04hjlfjwy folder moved successfully.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP folder moved successfully.
Item C:\Documents and Settings\ is whitelisted and cannot be moved.

OTL by OldTimer - Version 3.2.69.0 log created on 08112013_120451


----------



## Cookiegal (Aug 27, 2003)

What did you do differently that allowed you to copy all of the text?

You did cut off the bottom one though and it's a good thing the tool has built-in protection by prohibiting the removal of vital folders or your entire My Documents folder would have been deleted.

Please delete this folder from your My Documents:

C:\Documents and Settings\Steve Galkin\My Documents\*NexGen Media Player*


----------



## iagoman (Nov 5, 2003)

I highlighted the box, did a control C, opened up a .txt file and copied it into the .txt file.
I printed it out and it looked like it copied everything to the right, but the bottom lines were not included.
I removed the C:\Documents and Settings\Steve Galkin\My Documents\NexGen Media Player folder.
Steve


----------



## Cookiegal (Aug 27, 2003)

Yes but how did you highlight the contents of the box when you weren't able to do it before?

Are you still getting redirects?


----------



## Cookiegal (Aug 27, 2003)

To remove the remnants of Acronis and a leftover please run OTL again.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
DRV - [2010/11/11 21:36:32 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/11 21:36:17 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/11/11 21:36:15 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/11 21:36:06 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
[2013/08/09 09:06:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\TopArcadeHits.job

:Files
C:\Program Files\Common Files\Acronis
```

Then click the *Run Fix* button at the top.
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## Cookiegal (Aug 27, 2003)

One other thing I wanted to check. Please run SystemLook with the following script and post the log:


```
:dir
C:\WINDOWS\System32\MRT
```


----------



## iagoman (Nov 5, 2003)

I cannot copy the entire script in the box.
Where do I get SYSTEMLOOK?
S.


----------



## Cookiegal (Aug 27, 2003)

But you were able to copy the entire contents of the code box last time. 

We had used SystemLook before so I thought you still had it but it probably got uninstalled when doing the clean up routine.

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\WINDOWS\System32\MRT
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## iagoman (Nov 5, 2003)

Earlier you said that the entire box was not copied.
I still cannot copy it.
I tried going to my wife's pc and copying it from there, but I also couldn't copy the entire box (although it did work last week)??? I don't know why it doesn't work. Maybe we should leave things as they are.
It's frustrating when I can't follow your instructions.
Steve


----------



## Cookiegal (Aug 27, 2003)

Would you please just open that directory and let me know the names of any files it contains.


----------



## iagoman (Nov 5, 2003)

I ran SystemLook with the info in the second box.
SystemLook 04.09.10 by jpshortstuff
Log created at 08:40 on 12/08/2013 by Steve Galkin
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\System32\MRT - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

I'm attaching the OTL fix to run. Please post the resulting log after running it.


----------



## iagoman (Nov 5, 2003)

========== OTL ==========
Service afcdpsrv stopped successfully!
Service afcdpsrv deleted successfully!
File C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe not found.
Service AcrSch2Svc stopped successfully!
Service AcrSch2Svc deleted successfully!
File C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe not found.
Service afcdp stopped successfully!
Service afcdp deleted successfully!
C:\WINDOWS\system32\drivers\afcdp.sys moved successfully.
Error: Unable to stop service tdrpman273!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdrpman273 deleted successfully.
C:\WINDOWS\system32\drivers\tdrpm273.sys moved successfully.
Error: Unable to stop service timounter!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\timounter deleted successfully.
C:\WINDOWS\system32\drivers\timntr.sys moved successfully.
Error: Unable to stop service snapman!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman deleted successfully.
C:\WINDOWS\system32\drivers\snapman.sys moved successfully.
C:\WINDOWS\tasks\TopArcadeHits.job moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Common Files\Acronis not found.

OTL by OldTimer - Version 3.2.69.0 log created on 08122013_095625


----------
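
Two checks on OTL fix logs like the ones posted in this thread, as an added Python example that is not part of any post and is not OTL's own code: a fix-script path that is missing from the log while a shorter prefix of it was acted on (the cut-off paste Cookiegal points out), and a service that could not be stopped but had its Services key deleted right after. The line patterns are assumptions inferred from the log lines quoted here, and the sample text is excerpted from those posts.

```python
import re

# Line shapes seen in the two fix logs posted in this thread (assumption:
# other OTL output shapes exist and simply classify as "other").
RULES = [
    ("whitelisted", re.compile(r"^Item (?P<t>.+) is whitelisted and cannot be moved\.$")),
    ("stop_failed", re.compile(r"^Error: Unable to stop service (?P<t>\S+)!$")),
    ("not_found", re.compile(r"^File(?:\\Folder)? (?P<t>.+) not found\.$")),
    ("service_ok", re.compile(r"^Service (?P<t>\S+) (?:stopped|deleted) successfully!$")),
    ("reg_deleted", re.compile(r"^Registry (?:key|value) (?P<t>.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
    ("manual", re.compile(r"^Use (?P<t>.+) to remove .+\.$")),
]
# Path at the end of a fix-script line, e.g. "[date | size | attr] -- C:\path".
SCRIPT_PATH = re.compile(r"-- ([A-Za-z]:\\.+?)(?: -- \(.*\))?$")


def classify(line):
    """Return (kind, target) for one log line; unknown shapes are 'other'."""
    line = line.strip()
    for kind, rx in RULES:
        m = rx.match(line)
        if m:
            return kind, m.group("t")
    return "other", line


def follow_ups(log_text):
    """Return (kind, target) pairs that need a manual look after the fix."""
    rows = [classify(l) for l in log_text.splitlines() if l.strip()]
    out = []
    for i, (kind, target) in enumerate(rows):
        if kind in ("whitelisted", "manual"):
            out.append((kind, target))
        elif kind == "stop_failed":
            # The service is still loaded. If its Services key is deleted on
            # the next line, the removal only takes effect at the next boot.
            nxt = rows[i + 1] if i + 1 < len(rows) else ("", "")
            key_gone = (nxt[0] == "reg_deleted"
                        and nxt[1].lower().endswith("\\services\\" + target.lower()))
            out.append(("pending_reboot" if key_gone else kind, target))
    return out


def truncated_paste(script_text, log_text):
    """Script paths absent from the log while a shorter prefix was acted on."""
    log_lower = log_text.lower()
    targets = [t for k, t in map(classify, log_text.splitlines()) if k != "other"]
    hits = []
    for line in script_text.splitlines():
        m = SCRIPT_PATH.search(line.strip())
        if not m:
            continue  # O2/O4/FF style lines carry no "-- path" suffix
        path = m.group(1)
        if path.lower() in log_lower:
            continue  # the full path was processed
        for t in targets:
            if len(t) < len(path) and path.lower().startswith(t.lower()):
                hits.append((path, t))
    return hits


# Excerpts from the posts above (last two lines of the first fix script,
# and lines from the two fix logs).
FIX_SCRIPT = r"""
[2013/08/07 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP
[2013/08/07 11:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Galkin\My Documents\NexGen Media Player
"""
FIX_LOG_1 = r"""
Use Chrome's Settings page to remove the default_search_provider items.
C:\Documents and Settings\Steve Galkin\Local Settings\Application Data\NGMP folder moved successfully.
Item C:\Documents and Settings\ is whitelisted and cannot be moved.
"""
FIX_LOG_2 = r"""
Service afcdp stopped successfully!
Service afcdp deleted successfully!
C:\WINDOWS\system32\drivers\afcdp.sys moved successfully.
Error: Unable to stop service snapman!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman deleted successfully.
C:\WINDOWS\system32\drivers\snapman.sys moved successfully.
File\Folder C:\Program Files\Common Files\Acronis not found.
"""

if __name__ == "__main__":
    for path, acted_on in truncated_paste(FIX_SCRIPT, FIX_LOG_1):
        print("script path missing from log:", path, "| log acted on:", acted_on)
    for kind, target in follow_ups(FIX_LOG_1) + follow_ups(FIX_LOG_2):
        print(kind, "->", target)
```
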



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## iagoman (Nov 5, 2003)

I haven't had a problem for a few days.
I can't play YouTube videos, which I could before.
I saw that I need Adobe Flash Player to do that. Should I get that from Adobe?
I have an account at YouTube where I posted a few home videos (2).
What do you think? Is it safe?
I also have been running SuperAntiSpyware daily and nothing has been found. Looks like I'm clean.
Steve


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and report back if you can see the flash display and if so, a bit further down the page, what version of flash does it say you're running?

http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html


----------



## iagoman (Nov 5, 2003)

Above site says...
I'm running v 11.8.800.94 for Win xp (32 Bit) with IE.
All is working perfectly.

Steve


----------



## Cookiegal (Aug 27, 2003)

Do you mean the videos are now working or just the Adobe flash page is working perfectly?

If you're still having problems playing YouTube videos, what happens when you try?


----------



## iagoman (Nov 5, 2003)

Videos play perfectly. I d/l 'd the Adobe Flash Player earlier today after checking if it's a safe file.
Since I had it in the past on all my pc's I figured it's ok to download and install.
My laptop is working very well. You cleaned it up!
Thanks,
Steve


----------



## Cookiegal (Aug 27, 2003)

It is definitely OK to install but you need to make sure you install it from the proper site and do not follow any prompts that you get saying you need Flash and to download it as many of those are hoaxes and lead to malicious downloads. Just close the windows and go to the Adobe site and download it there.


----------



## iagoman (Nov 5, 2003)

I downloaded it from adobe.com.
All is AOK.
S.


----------



## Cookiegal (Aug 27, 2003)

Great! :up:


----------



## iagoman (Nov 5, 2003)

I'll remove OTL, systemlook but keep HiJackThis in my BIN.
Keep up the great work.
Steve


----------



## Cookiegal (Aug 27, 2003)

Thanks.


----------



## iagoman (Nov 5, 2003)

You will NOT believe what has happened to my laptop!
I am on my iPad in order to send this to you.
After we were finished, I did a normal shutdown and then a reboot; that's when the laptop goes into a loop on startup.
The classic Windows logo comes on, a select screen appears, tries to boot, highlights "Start Windows Normally", then goes through the same loop over and over.
I was able to get to the DOS prompt and ran chkdsk /p.
It didn't find any errors.
I even took out the battery for about 30 minutes, hoping that would be the answer.
As I'm writing this, it has tried about four times to boot.
I highlighted the safe mode boot, but it just goes back to the loop again.
All I did was a normal shutdown and then a start.
I can't believe what is happening.
HELP!


----------



## Cookiegal (Aug 27, 2003)

Did you try choosing the Last Known Good Configuration option?


----------



## iagoman (Nov 5, 2003)

Yes, absolutely no effect. Just keeps on looping and trying to start windows.
Any ideas?
If you use Skype, I could show you what happens.
Steve

I just can't believe what is happening. Everything was perfect.


----------



## Cookiegal (Aug 27, 2003)

You said you were able to get a DOS prompt. Do you mean safe mode with a command prompt?

If so you could try running system restore from there:

*C:\WINDOWS\system32\Restore\rstrui.exe*


----------



## iagoman (Nov 5, 2003)

My DOS knowledge is very old.
I have a DOS prompt showing as follows:
C:\windows>
How do I change directories? Can you send me the exact format?


----------



## iagoman (Nov 5, 2003)

I keyed in at the c:\> chdir "windows\system32\rstrui.exe"
Came up with
The name specified is not a directory
Also tried it with the CD command.


----------



## Cookiegal (Aug 27, 2003)

You don't need to change the directory when using the full path.

At the command prompt type the following:

*%systemroot%\system32\restore\rstrui.exe*


----------



## iagoman (Nov 5, 2003)

I was able to get to the windows system32 restore.
Then I keyed in rstrui.exe and got command not recognized.
I gave the command dir *.exe to list files in that dir and I see that the rstrui.exe file is there but I can't get it to run.


----------



## Cookiegal (Aug 27, 2003)

Did you use the command I posted?


----------



## iagoman (Nov 5, 2003)

I did it as shown from the C prompt and got
The command is not recognized.
Here's how the display is:
C:\>%systemroot%\system32\restore\rstrui.exe


----------



## Cookiegal (Aug 27, 2003)

Can you get the prompt back to C:\windows>?

Then run this command:
*C:\WINDOWS\system32\Restore\rstrui.exe*


----------



## iagoman (Nov 5, 2003)

I'm in that path of directories but the rstrui.exe doesn't execute.
Now a blue screen popped up with message that Windows has been shut down.
"A problem has been detected caused by spcmdcon.sys
Page fault in non paged area."
More info followed saying to restart the computer etc.
I think that a startup sector has been corrupted .????
I may have to take it to a local computer store if its a physical thing.
But, now to bed. I'm beat.
Steve


----------



## iagoman (Nov 5, 2003)

There are just two executable files residing in RESTORE
They are Rstrui.exe and srdiag.exe
When I try to run the rstrui.exe I get 
"The command is not recognized. Type HELP for a list of supported commands"
I remember a number of those DOS CMOS, but they are no help.
Steve
If you have no other ideas I will head off to my local computer store (not BEST BUY!).
This store has recovery experts, but they are costly.
If I need a new hard drive, I will get another computer and enter into the Win 7 world.


----------



## Cookiegal (Aug 27, 2003)

I'm not sure exactly what you're doing there. When you run the command I gave you at the command prompt it should just open the system restore utility the same way it does when you do it when you're able to boot the machine.

But before you take it to a shop, I'm sure there's a way to invoke a system restore with another tool using a boot CD. I'll check with my colleagues on the instructions for that and let you know how to proceed.


----------



## iagoman (Nov 5, 2003)

It's at the shop. I'll keep you informed on what they find/do.
Steve


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## iagoman (Nov 5, 2003)

Hi again,
A lot has happened since my last note. To keep it short, the shop had to re-install Win/Xp Pro. 
I've spent the last two weeks trying to get my system back to the way it was, sans the problem, which, thankfully is gone.
In the interim my spouse was in the hospital for a week with bleeding ulcers! I think I should have been the one with that
condition (LOL, LOL).
I think you probably would have found the solution but I was hasty in going to the computer center.
I appreciate all the time and effort you put in. I applaud you.
Many thanks,
Steve


----------



## Cookiegal (Aug 27, 2003)

Thanks for reporting back.


----------

