Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Metropolitan Police Virus

 
Bleu
Junior Member


Joined: 27 Mar 2011
Last Visit: 24 Mar 2012
Posts: 22
Location: England

Posted: Mon Mar 12, 2012 7:26 am    Post subject: Metropolitan Police Virus

Hi,

What I have on my laptop seems to be a new version of the Metropolitan Virus. I am unable to post a log of any sort because normal safe mode or safe mode with networking don't work, instead coming up with a white screen saying 'please wait while the connection is beeing established' instead of the initial, typical virus page.

However, I've been able to access safe mode with command prompt. From there by using 'msconfig' I've had a look at the Startup programs and there are three with suspicious sounding names. They are all called Saga Piano Yard Bread (a quick search on the internet turns up with nothing) and they are all by 'SearchHelp, Inc'; however, the locations are different. Only one is in the users area (C:\Users\hifsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup) which I am perfectly happy to disable; however, the other two are registry files (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) which I am really afraid to touch.

I am sorry that I can't provide you with what you ask for usually but this is all I can do at the moment. If there's anything else I can do please let me know.

Also, I have both McAfee and Malware's Anti-Malware installed.

Thank you.

Edit: I had a little look around using 'gpedit' to enable Task Manager and Registry Editor but no luck with that either. Also System Restore doesn't work either and Security centre is turned off as well; any attempts to turn that on don't work. This is one big bind I've got myself into and I'd be really appreciative of any and all help offered seeing as there isn't much to go on or many options.
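
The two autostart locations named in the post above (the per-user Startup folder and the HKCU ...\CurrentVersion\Run key) can be inventoried read-only with a script like the one below. This is an added example, not part of the original thread or of any tool mentioned in it; it goes beyond the post by also covering the machine-wide equivalents, and the function and column names are this example's own.

```powershell
# Added example: read-only inventory of autostart entries. Nothing is changed or deleted.
# Run from an elevated PowerShell prompt so the HKLM keys and all target files are readable.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit view on 64-bit Windows
)
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# Roots that can be written to without administrator rights by default;
# an autostart target located here deserves a closer look.
$userWritableRoots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP) | Where-Object { $_ }

function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            New-Object PSObject -Property @{
                Name = $valueName; Location = $key; Command = [string]$regKey.GetValue($valueName)
            }
        }
    }
}

function Get-StartupFolderEntry {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                # Resolve .lnk shortcuts to the program they launch.
                $target = $_.FullName
                if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
                New-Object PSObject -Property @{ Name = $_.BaseName; Location = $dir; Command = $target }
            }
    }
}

function Get-ExecutablePath([string]$Command) {
    # Pull the program path out of a command line. For rundll32-style commands this
    # returns the host program, so the DLL argument in Command still needs a manual look.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|scr|bat|cmd|dll))(\s|$)') { return $Matches[1] }
    return $Command.Trim()
}

$entries = @(Get-RunKeyEntry) + @(Get-StartupFolderEntry)

# Names registered in more than one autostart location, as with the three entries in the post.
$repeatedNames = @($entries | Group-Object Name |
    Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

$report = foreach ($entry in $entries) {
    $exe       = Get-ExecutablePath $entry.Command
    $signature = 'FileMissing'
    $signer    = ''
    if ([System.IO.File]::Exists($exe)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        if ($sig) {
            $signature = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } else {
            $signature = 'Unreadable'
        }
    }
    $userWritable = @($userWritableRoots | Where-Object { $exe -like "$_\*" }).Count -gt 0

    New-Object PSObject -Property @{
        Name              = $entry.Name
        Location          = $entry.Location
        Command           = $entry.Command
        Executable        = $exe
        Signature         = $signature
        Signer            = $signer
        SameNameElsewhere = ($repeatedNames -contains $entry.Name)
        UserWritablePath  = $userWritable
    }
}

# Entries that repeat across locations or live in user-writable paths are listed first.
$report |
    Sort-Object SameNameElsewhere, UserWritablePath -Descending |
    Select-Object Name, Location, Command, Executable, Signature, Signer, SameNameElsewhere, UserWritablePath |
    Format-List
```

An entry whose name repeats across locations, whose target sits under the user profile, and whose signature is missing or invalid is a candidate for closer inspection, not proof of infection.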
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Tue Mar 13, 2012 4:56 pm

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Spyware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi Bleu and welcome to Spyware Warrior Forum :

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you once you can access those files.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.


I am currently reviewing your situation and will return, as soon as possible, with additional instructions.


Thank you for your patience.
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed

Bleu
Posted: Wed Mar 14, 2012 9:39 am

Hello,

We're alright on the backing up front. There isn't any information which I would mind losing on there and even if I wanted to back-up what was there I can't do it because the only thing I can access is the command prompt. It's not a problem.

I'm using another laptop as the other one is completely unusable but I'll print the instructions off just in case.

I've had the good fortune to have had some help from a colleague of yours in the past so I understand the risks. Thanks for re-iterating them.

Waiting both patiently as well as anxiously,

Bleu

torreattack
Posted: Thu Mar 15, 2012 8:06 am

Hi Bleu :

1. Download tools
From a clean computer, download:
a. Rkill... by Grinler
b. OTL ... by Old Timer
c. TDSSKiller.exe
Save all of the files into your USB Flash Drive.


2. Try to boot the infected computer into normal mode. If you fail to boot into normal mode, then boot into safe mode with command prompt.
  • If you boot into safe mode with command prompt, when Windows finishes loading it will come up with a command prompt window; type explorer and press the Enter button on your keyboard. Otherwise, start Windows Explorer as normal.
  • When Windows Explorer has opened, select My Computer and choose your USB flash drive.
  • Copy all the tools into your infected computer Desktop.



3. run rkill
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
  • Right click on the Rkill.com and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • A command window will open then disappear upon completion, this is normal.
    Do not reboot your machine until asked to do so.
    When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  • Please copy and paste the contents of the rkill.log file, in your next reply.
    Please leave Rkill on the Desktop unless instructed otherwise.

Quote:
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.



3. run TDSSKiller
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT



4. run OTL.exe
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



5. Checklist
Please post:

  • Rkill log
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • OTL.txt and Extras.txt
  • An update on your problems

Note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.
Note: Make sure you scan your USB drive before you use it in the clean computer (after used in the infected computer).

Thanks,
torreattack

Bleu
Posted: Fri Mar 16, 2012 10:23 am

I am really appreciative of the prompt reply but we were too late. I can't access command prompt either now and am faced with the Virus Screen. I do not mean to hurry you as I am very thankful of your help but as this -whatever it is- seems to be spreading any quick word of advice would be an absolute blessing. Apologies for bringing such a nuisance to you!

torreattack
Posted: Sat Mar 17, 2012 7:59 am

Hi Bleu :

Sorry for the computer. I need some detail before we proceed.

1. What is the brand and model of this infected computer? Dell, HP, Toshiba ....and which model?

2. What is the operating system of the computer? XP, Vista, Windows 7... 32 bits or 64 bits computer?

3. Do you have a Windows recovery disk? Or any option that can repair Windows?

4. Make sure you try to boot your computer without any CD/DVD/floppy disk/USB disk being inserted into your computer, then try to boot again. Can you boot into safe mode with command prompt again?

5. When you said you fail to boot, what type of message does Windows display? Or can you actually boot, but the virus BLOCKS you from doing anything?

Sorry,
torreattack


Edit: To include question about 32 bits or 64 bits computer.

Bleu
Posted: Sun Mar 18, 2012 10:46 am

I don't know where to start. Being at my wit's end and fearing that it might completely destroy my laptop I used AVG's boot disk and that found and got rid of three trojans and a virus. However, while the virus has left, all I'm able to see is a black screen. I have regained control over command prompt though as the virus screen isn't there to block it anymore. While the virus is gone the changes it made to the machine are still there: Task Manager and regedit are still blocked and Chkdsk has revealed corrupt registry files which are preventing a system restore.
Long story short I'm frustrated beyond anything possible but I do not expect you to offer any assistance as the removal of the infection was my own decision not yours. I'll still answer the questions you asked in case you find the situation saveable.

1. It's a Toshiba Tecra M10.
2. OS is Vista Business 64 bit.
3. I think this series of Toshiba has a built in recovery partition which is why I don't have a recovery disk.
4. Yes (in light of the situation now)
5. The virus blocked the screen like for the other two options and stopped me from doing anything. Now I'm faced with a black screen when I try to boot normally/safe mode/safe mode with networking.

Thank you for your patience and time.

Bleu
Posted: Sun Mar 18, 2012 12:29 pm

Whew, please disregard the previous post. I must thank you for asking me about any recovery tools as that reminded me to have a closer look at them. I was actually able to run disk checker which fixed all the registry errors and that allowed me to do a system restore. I was finally able to use task manager and started the various services that had been stopped.

Thanks again for providing the prompt! Everything seems to be working fine but I'm still apprehensive about what might have been left behind as I was prompted by the computer that wbptoo.dll failed to initialise and Malware Anti-malware has been disabled. Any suggestions as to what may be done next?

Again, thank you!

torreattack
Posted: Mon Mar 19, 2012 8:08 am

Hi Bleu :

Glad to hear that your computer can boot again, but next time please let me know first before any "self fix" because it may complicate the matter.

1. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT



2. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



3. Checklist
Please post:

  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • OTL.txt and Extras.txt
  • An update on your problems

Note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack

Bleu
Posted: Mon Mar 19, 2012 1:30 pm

Yes, sorry about that.

Ok, the logs then.

1. TDSSKiller

It found nothing, so no log there.

2. (a) OTL.Txt

The log is as follows:

DRV - (ni488lock) -- C:\Windows\System32\drivers\ni488lock.sys (National Instruments Corporation)
DRV - (niRFSGk) -- C:\Windows\System32\drivers\niRFSGkl.sys (National Instruments Corporation)
DRV - (nitnr2k) -- C:\Windows\System32\drivers\nitnr2kl.sys (National Instruments Corporation)
DRV - (nihsdrk) -- C:\Windows\System32\drivers\nihsdrkl.sys (National Instruments Corporation)
DRV - (niswdk) -- C:\Windows\System32\drivers\niswdkl.sys (National Instruments Corporation)
DRV - (nistcrk) -- C:\Windows\System32\drivers\nistcrkl.sys (National Instruments Corporation)
DRV - (nimru2k) -- C:\Windows\System32\drivers\nimru2kl.sys (National Instruments Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (nimsrlk) -- C:\Windows\System32\drivers\nimsrlk.dll (National Instruments Corporation)
DRV - (nicdrk) -- C:\Windows\System32\drivers\nicdrkl.sys (National Instruments Corporation)
DRV - (nispdk) -- C:\Windows\System32\drivers\nispdkl.sys (National Instruments Corporation)
DRV - (niscdk) -- C:\Windows\System32\drivers\niscdkl.sys (National Instruments Corporation)
DRV - (nisldk) -- C:\Windows\System32\drivers\nisldkl.sys (National Instruments Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nistc2k) -- C:\Windows\System32\drivers\nistc2kl.sys (National Instruments Corporation)
DRV - (lvalarmk) -- C:\Windows\System32\drivers\lvalarmk.sys (National Instruments Corporation)
DRV - (DM9USB) -- C:\Windows\System32\drivers\dm9usb.sys (DAVICOM Semiconductor, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (nidmmk) -- C:\Windows\System32\drivers\nidmmk.dll (National Instruments Corporation)
DRV - (Nidaq32k) -- C:\Windows\System32\drivers\nidaq32k.sys (National Instruments Corporation)
DRV - (nistck) -- C:\Windows\System32\drivers\niSTCk.dll (National Instruments Corporation)
DRV - (nimdsk) -- C:\Windows\System32\drivers\nimdsk.dll (National Instruments Corporation)
DRV - (nibffrk) -- C:\Windows\System32\drivers\nibffrk.dll (National Instruments Corporation)
DRV - (niarbk) -- C:\Windows\System32\drivers\niarbk.dll (National Instruments Corporation)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\SearchScopes,DefaultScope = {D1CE6F16-4176-4D2F-AED5-01A19040ECC3}
IE - HKLM\..\SearchScopes\{D1CE6F16-4176-4D2F-AED5-01A19040ECC3}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_en-GBGB442&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=NHACN-vviMkoLU86FYxHycuWwLg?q={searchTerms}
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..\SearchScopes\{D1CE6F16-4176-4D2F-AED5-01A19040ECC3}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBGB442
IE - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/webhp?hl=en"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 22:43:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/26 09:22:51 | 000,000,000 | ---D | M]

[2011/07/28 18:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hifsa\AppData\Roaming\Mozilla\Extensions
[2012/03/19 20:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hifsa\AppData\Roaming\Mozilla\Firefox\Profiles\168lvbz2.default\extensions
[2011/12/11 20:26:34 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\hifsa\AppData\Roaming\Mozilla\Firefox\Profiles\168lvbz2.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012/03/05 03:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 16:49:15 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/05 03:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HIFSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\168LVBZ2.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
File not found (No name found) -- C:\USERS\HIFSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\168LVBZ2.DEFAULT\EXTENSIONS\SAM@SAMFIND.COM
[2012/02/17 22:43:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/25 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/03/05 03:40:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/25 12:57:18 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2005/10/12 14:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 18:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/05/25 11:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2012/02/14 16:39:51 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/14 16:39:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:39:51 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/14 16:39:51 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/14 16:39:51 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: National Instruments LabVIEW 2010 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll
CHR - plugin: National Instruments LabVIEW 8.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 8.5 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv85win32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Click to call with Skype = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Gmail = C:\Users\hifsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\niupdate.exe (National Instruments)
O4 - HKLM..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2819502753-1092490899-1643197255-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 143.167.2.110 143.167.252.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C0201E9-C156-4983-A6F6-FF2D73A14134}: DhcpNameServer = 192.168.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB6D0ED-0A15-47C2-BAAA-A060E5A892F6}: DhcpNameServer = 143.167.2.110 143.167.252.110
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58c277c5-b6c9-11e0-9d13-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58c277c5-b6c9-11e0-9d13-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 21:04:11 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\hifsa\Desktop\OTL.exe
[2012/03/19 20:54:02 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\hifsa\Desktop\tdsskiller.exe
[2012/03/19 02:55:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/18 20:20:20 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/18 20:19:53 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/18 20:19:53 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/18 20:19:53 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/18 20:19:53 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/18 20:19:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/18 20:18:55 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 14:35:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/05 03:42:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 03:42:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 03:42:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/01 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/02/27 00:29:44 | 000,000,000 | ---D | C] -- C:\Users\hifsa\Desktop\Jobs - 27th Feb
[2012/02/22 03:25:42 | 000,000,000 | ---D | C] -- C:\Users\hifsa\Desktop\Taibah
[2 C:\Users\hifsa\Desktop\*.tmp files -> C:\Users\hifsa\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 21:08:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B36594A4-3C49-4CA3-8241-CA706B6D3BDF}.job
[2012/03/19 21:03:42 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hifsa\Desktop\OTL.exe
[2012/03/19 21:01:19 | 000,008,192 | ---- | M] () -- C:\Users\hifsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/19 20:55:12 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 20:55:12 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 20:52:51 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\hifsa\Desktop\tdsskiller.exe
[2012/03/19 20:49:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 20:48:09 | 000,376,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/19 20:48:09 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:48:09 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:48:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 20:47:32 | 1987,272,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 20:33:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/11 17:34:46 | 000,000,032 | ---- | M] () -- C:\Users\hifsa\jagex_cl_runescape_LIVE.dat
[2012/03/11 11:27:04 | 006,598,553 | ---- | M] () -- C:\Users\hifsa\Desktop\pop maths quiz.jpg
[2012/03/08 20:34:37 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/05 22:10:31 | 258,358,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/05 03:40:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 03:40:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/05 03:40:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 03:40:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 00:04:02 | 000,000,024 | ---- | M] () -- C:\Users\hifsa\jagexappletviewer.preferences
[2012/03/02 22:50:44 | 000,002,435 | ---- | M] () -- C:\Users\hifsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Toshiba TEMPRO Alerts.lnk
[2012/02/28 16:30:59 | 000,000,045 | ---- | M] () -- C:\Users\hifsa\jagex_cl_runescape_LIVE1.dat
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Users\hifsa\Desktop\*.tmp files -> C:\Users\hifsa\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/18 18:23:02 | 1987,272,704 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/17 13:09:54 | 000,000,863 | ---- | C] () -- C:\Users\hifsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk
[2012/03/11 11:27:21 | 006,598,553 | ---- | C] () -- C:\Users\hifsa\Desktop\pop maths quiz.jpg
[2012/02/28 23:56:52 | 000,002,435 | ---- | C] () -- C:\Users\hifsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Toshiba TEMPRO Alerts.lnk
[2011/12/14 15:57:28 | 000,000,000 | ---- | C] () -- C:\Users\hifsa\AppData\Local\{560D9889-0494-48DF-AD95-9D483C2B975D}
[2011/12/11 20:40:13 | 000,008,192 | ---- | C] () -- C:\Users\hifsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 22:53:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/28 22:53:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/28 22:51:56 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/25 17:46:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/25 14:40:29 | 000,000,680 | ---- | C] () -- C:\Users\hifsa\AppData\Local\d3d9caps.dat
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/06/16 13:40:44 | 000,066,144 | ---- | C] () -- C:\Windows\System32\cfswitch.dll
[2010/06/15 16:28:52 | 000,050,272 | ---- | C] () -- C:\Windows\System32\nispdu.dll
[2010/06/10 13:46:20 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2010/06/02 17:44:54 | 000,003,520 | ---- | C] () -- C:\Windows\System32\nipalpg.dll
[2010/05/18 22:49:32 | 000,098,400 | ---- | C] () -- C:\Windows\System32\nihsdccexportu.dll

< End of report >

-----------------------------------------------------------------------------------

(Please see the next post for the other log)
Bleu

Posted: Mon Mar 19, 2012 1:34 pm

(continued)

(b) Extra.Txt

Here's its log:

OTL Extras logfile created on: 19/03/2012 21:05:01 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hifsa\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.85 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.86% Memory free
3.95 Gb Paging File | 2.44 Gb Available in Paging File | 61.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.21 Gb Total Space | 58.71 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
Drive E: | 115.21 Gb Total Space | 110.60 Gb Free Space | 96.00% Space Free | Partition Type: NTFS

Computer Name: HIFSA-PC | User Name: hifsa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2819502753-1092490899-1643197255-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F62102C-CAB8-405E-ABB7-E7FCD87760C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{131CF3CE-C8F2-442D-BCD6-F0E03D38504C}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{56A59270-0A2B-44A2-AD86-BB48383C2938}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7515FFFB-80BA-42F9-A7E8-FE177011A178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A94C210-0C2A-4DD8-BFB4-07E54C46F6EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7F467EC5-8969-496B-B9D5-2B8C4A50BFEC}" = protocol=17 | dir=in | app=c:\windows\system32\nipalsm.exe |
"{843A71BA-A945-4E71-B08D-5A7A168B4CF0}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{856C719A-08ED-44D8-989D-49A0BFF4627F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A2751A3-065F-42FC-8A88-33042302E185}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\systemwebserver.exe |
"{E5F6C382-08E6-4DA2-8EE5-31DBE799144B}" = protocol=6 | dir=in | app=c:\windows\system32\nipalsm.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\systemwebserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CF3725-EE33-4308-BBF9-90BF6AC43814}" = NI Logos 5.2.0
"{01EDE5EB-64AB-4C69-83C7-A4E40C791B3E}" = NI LabVIEW 2010 Simulation
"{03148858-69DC-4143-8CA0-12972E5922F8}" = NI LabVIEW 2010
"{03183CF3-BCA6-4922-86F4-7D0F9752439D}" = NI System Configuration 1.1.0 LabVIEW Support
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{03FECA97-52A3-4079-937E-7840EE4FF52C}" = NI Web Application Server 1.0
"{058D1518-7DE5-43D0-9563-6740DD71E2A5}" = NI-MX Expert Framework 2.5.0
"{06BF046D-7CDE-495B-82F3-52E185DC0714}" = NI LabVIEW SignalExpress 2010 LabVIEW Support
"{06E94DFA-ECCE-4A6D-BDCA-1F00D030B0C0}" = NI LabVIEW Merge Utility 10.0.0
"{078A5D0D-BF50-4BB1-89FB-1018391E9F06}" = NI LabVIEW 2010
"{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1
"{09860281-0D72-418B-B691-CADCE0AF2192}" = NI Assistant Framework LabVIEW 2010 Support
"{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1
"{0C5ACB7F-72BF-4524-9884-C1C1DFF18E3F}" = Origin7
"{0CF669FF-D168-4CA3-8D9B-E5B74C192E88}" = NI Variable Engine LabVIEW 2010 Support
"{0D3F2D86-F2F2-4B05-BB46-83C15DC88CD1}" = NI LabVIEW 2010 Real-Time Error Dialog
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0E8D3892-ACCE-4C2E-A8D1-6D9FFC4E2271}" = NI-RFSG 1.6.4
"{0F49F0AC-B14D-40B7-9848-EBA6B3A5C123}" = NI LabWindows/CVI 2009 Run-Time Engine
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{1052C0CF-35BC-4B3D-BCB2-D0CE96CA81E9}" = NI PXI Platform Services 2.5.6
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{15B05C75-6B0C-4969-BD33-C9B8FBEFA251}" = NI LabVIEW 2010 License
"{1737B24D-9C72-4478-8B9C-092E88C92E9F}" = NI-SCOPE 3.6.2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185C5A2C-AD9C-4B78-BE72-CC321457669D}" = NI-HSDIO 1.7.3
"{19F59734-0740-49E6-818D-53C1CA6B4ABE}" = NI System State Publisher
"{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0
"{1E5C217C-FEE5-4A54-8A07-F6308D112CB3}" = NI MXS 4.7.0
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{20F02F78-9022-4E29-9094-08221E287D29}" = NI LabVIEW SignalExpress 2010 Datatypes LabVIEW 2010 Support
"{21C5EC7C-4395-45BD-8AED-A4E6A044C399}" = NI DHV DCMP Installer 1.2.0f1
"{21EF2C48-A06F-4001-8E0B-72DCA779860F}" = NI DataSocket 4.8
"{2254CBFE-56BB-47BD-9958-5103AA58C5F7}" = NI System Web Server Base 1.0
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2696B0FE-8B3D-4718-ABEC-477CD65A13C3}" = NI-TSU 1.3.0f0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A1D8659-8859-4D0B-BA64-13D9BB610832}" = NI Spy API LV2010
"{2AC3708F-0150-443B-BAD5-0FE7EFE43A91}" = NI-DAQ Document Set 9.1.5
"{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo
"{2C13B0F2-1EB6-4704-BE23-EDBC6270CECB}" = NI LabVIEW 2010
"{2C751795-11E7-41B4-8E42-DC361717DBCB}" = NI Software Provider for MAX 4.7.0
"{2F6FE209-77BD-4F66-A285-87336EB8EEF2}" = NI AFW Custom UI
"{2FC890C7-B8D2-4CCE-B9A6-7DC38B4980CD}" = NI-DAQmx Documentation 9.1.5
"{30FC5877-BBA0-41C4-8A1D-ED914194610E}" = NI LabVIEW 2010
"{320033F9-B001-42D3-B45A-474E6C8FFFB1}" = NI PXI-5660 Support
"{322D52FA-6C1B-4025-A7A8-6125BBB9DE19}" = NI-SWITCH 4.0.2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33049789-BE8F-4037-BB02-51FFD4837DA5}" = NI LabVIEW 2010
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{39D5152B-ED79-4117-B781-A4E3A7AB0EBB}" = NI LabVIEW SignalExpress 2010 Core
"{3AC465DB-700E-4A68-9AC9-33F61A2E7ABA}" = NI Trace Engine
"{3AE12D2D-5032-4564-984F-4B22F05C5B0B}" = NI-P2P 1.1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEF952C-2808-4A93-BEB0-5744F48EBD5B}" = NI Curl 1.0
"{3E7D4FE9-B834-4318-9F48-DDC1F2183F56}" = NI-VISA 5.0.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4027672A-3560-4B71-973F-B348DF175E3E}" = NI LabVIEW 2010
"{4058873D-3915-449A-9879-17149E06EA2F}" = NI SSL Support
"{41313B23-25A9-4CDF-BA6E-F721FAE53664}" = NI Update Service
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer
"{44CD79C3-375F-41C8-977E-97BB3E520B30}" = NI Assistant Framework
"{44F3B272-B495-4674-B6EE-C7E808D33B55}" = NI-DMM 3.0.3
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{47A6062D-C035-4FE7-8974-675E23188510}" = NI-DAQ INF Files 19.1.5
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{49C6FE81-CE63-4B49-A295-7A10B96D36CD}" = NI LabVIEW 2010 Deployable License
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F12CD-3AF0-48E0-BC55-22313248381C}" = NI LabVIEW 2010 Search
"{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1
"{4CFE677E-1256-4B27-B91E-5450F9E1FEAE}" = NI LabVIEW 2010
"{4E97AAFD-E743-43FE-B876-CD29D40AEA29}" = NI Measurement & Automation Explorer 4.7.0
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{50734064-7E5F-4767-93C9-D084BB290306}" = NI FSL Installer 1.10.0
"{51C2BCE4-2014-44F5-9F94-D32685712504}" = NI LabVIEW SignalExpress 2010 Core LabVIEW 2010 Support
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{5423BE44-BD51-4BD9-B345-AE16E8A90D5D}" = Traditional NI-DAQ Documentation
"{55AF38A4-B9BB-4052-86D8-F6C3A2D5DB78}" = NI Portable Configuration 4.7.0
"{56C9725B-CA13-4FAE-8CDB-E70906AFAEE3}" = NI LabWindows/CVI 2009 Code Generator
"{5795409A-3154-41E1-BA26-99050D4FA9AE}" = NI LabVIEW SignalExpress 2010 Core LabVIEW Support
"{581498B4-41DE-4D49-BB34-962369C461EF}" = NI IVI Online Help
"{59A4D1C4-BB47-4AB5-9851-372BD1643EFD}" = NI Instrument IO Assistant for LabVIEW 2010 32-bit
"{59B7E8FF-7BE3-4C91-A8E9-0D998D578329}" = NI OPC Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5A058AEE-AD41-4F5A-A1E3-D5593A876B63}" = NI-CAN Driver Files
"{5BAB8491-7E38-4E8F-862A-60A9A490519A}" = NI-PAL 2.5.4f0 for Phar Lap ETS
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE85603-6F8B-42A5-A4DF-EB3728634B3B}" = NI System Configuration LV2010 1.1.0
"{5FEB9242-D6C3-4CE9-956C-1B4CB563AF2E}" = NI-DAQmx 9.1.5
"{6052FD3A-E988-4302-983F-642197DBDA8D}" = NI Assistant Framework LabVIEW Code Generator 2010
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61A4B79C-85E0-4063-B56E-5E8AF8ECB204}" = NI-MXLC LabVIEW 8.5 Support
"{61C5D53F-A358-4288-AC9C-260A8E43BD55}" = NI LabVIEW SignalExpress 2010 Licenses
"{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{647522DC-873A-4668-97BB-501A87D64911}" = NI-VISA 5.0.0 MAX Provider
"{659DB5F3-D59C-4DFF-B6EF-685A4BEA9DE4}" = NI Timing Installer 2.1.0
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0
"{6671B525-83B9-4A0F-89F9-7BE90C138EA8}" = NI IVI Class Drivers
"{673E0ADC-0F04-420F-B250-3AE72B2A78E4}" = NI Logos LabVIEW 2010 Support
"{6B0A94E3-31BA-4939-8BFE-2367D9FB11BB}" = NI LabVIEW SignalExpress 2010 Datatypes
"{6B1E45FE-090D-4561-AB3E-E6744A6630DB}" = NI-RFSA 2.3.2
"{6C5BE2A1-00CA-4971-9A07-A3EBD9D363DF}" = NI-DAQmx Switch Core 2.0.1
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CD33838-7432-4BD3-93FE-A5C40A068BBB}" = NI MAX Remote Configuration Installer 4.7
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B5FBFF-14D7-4F83-90BF-3C6F5C300B7B}" = NI-HSD Driver 1.11.0f8
"{71EB7C12-7E89-48E3-847D-23FB069E93FA}" = NI AFW Custom UI Assemblies
"{73661C77-DB65-416D-9B7A-543AC88EA846}" = NI LabVIEW 2010 Manuals
"{73726D40-91B7-4889-8F06-F31797D2A4D9}" = NI AFW Channel Configuration Tool
"{74441ED8-D862-4C37-B34D-AAC69C4E8BFB}" = NI STC 1.8.0
"{74C9CAE2-7D42-40C2-A0CC-15393E12AABC}" = NI LabVIEW 2010 Web Server
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A302275-FAB9-4369-BE7B-68CE3EA989CB}" = NI LabVIEW SignalExpress 2010 Tools
"{7BB22289-73C8-4416-9F14-260463CD88E3}" = NI IVI Class Simulation Drivers
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7F5571D1-1FFD-4961-99D5-97A621D69506}" = NI Uninstaller
"{7F8DF8BD-8D20-4F43-954A-36230221C046}" = NI-DAQ C and VB6 API 2.1.0
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{82D36A8D-12B3-45D9-B9B5-9FE5DAFBBF1E}" = NI-DIO Driver 1.7.1f0
"{82EDDD8D-D07B-4E3F-912D-70D966AB95F2}" = NI-653x Installer 1.9.2
"{8327309A-62EA-44CF-B708-B9D98963EF42}" = NI LabVIEW 2010 Help
"{854F1FA6-3EC9-4108-BE1D-F7D2307BAE81}" = NI IVI Provider for MAX
"{8695FC18-0685-4F47-B8C4-E09BC03935C6}" = NI LabVIEW Compare Utility 10.0.0
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{8744707C-0AA9-4F8B-86E3-A9DC8A9B1023}" = NI-Tuner 1.7
"{8875F085-4F00-4462-B52F-507E568EB75F}" = NI SSL LabVIEW 2010 Support
"{88E32636-59E6-4ABA-89D6-0A58797927F7}" = NI-MXLC Core (32-bit)
"{89FC36E5-5C62-499B-8207-9014C484F65C}" = NI-RPC 4.2.0f0
"{8B94FEEB-3DFD-4F2F-A5B8-34041D205FFF}" = NI-FGEN 2.7.4
"{8D497DEB-7A6B-4CD5-BECF-ABBFF4B12BAD}" = NI ModInst 1.5.2
"{8D57780E-42A2-438C-9977-E2CDF3F02D07}" = NI IVI Compliance Package 4.2
"{8DA7D661-2184-4B78-8220-73F9878E9992}" = NI USI 1.8.0
"{8E019511-DE71-43A1-84BB-4D3CEFD26853}" = NI-DNET 1.6.5
"{8F908EB7-C8FA-4128-BAF2-76D89F5C4DD0}" = NI LabVIEW SignalExpress 2010 Steps
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{917961E5-1E72-4373-9F5A-C095DBD3C5E5}" = NI-MXLC LabVIEW 2009 Support
"{94748C43-8C0A-410E-9C84-AD718C494307}" = NI LabVIEW 2010
"{94F8151E-1946-4D81-9FBF-E167DF25954A}" = NI LabVIEW Run-Time Engine 8.0
"{951B982C-04C6-40AD-88EB-E79DA4E229BF}" = NI-DAQ Provider for MAX
"{96ED4AD0-E5D3-4C6F-8DB1-5BDA7BC490DF}" = NI-CAN Provider for MAX
"{986590F8-6647-410E-8674-EDB483FA5E45}" = NI Dynamic Signal Acquisition Installer 2.0.0
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{9B52914C-704D-4FF9-8A78-2897540D2E0E}" = NI LabVIEW EWB DeviceHandler 2010
"{9BC9F84D-DF93-4AE5-A5F7-FB3A39D86CF6}" = NI LabVIEW Run-Time Engine 8.5.1
"{9C1794A9-4514-4D81-91BB-570CCE1F1F0C}" = NI LabVIEW 2010
"{9CF52CBF-7F12-4194-B80B-8B73C2C03C1D}" = NI-PAL 2.5.4f0
"{9E6EF1B0-906A-437A-8513-EB066DACC9E9}" = NI LabVIEW SignalExpress 2010
"{9F4ACDF5-D186-4C61-BAE3-80DDEAB4CE6F}" = NI LabVIEW Run-Time Engine Interop 2010
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1D99DC3-2BB9-4B84-B061-E127486AEB46}" = NI IVI Engine
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A263CB7A-0BBF-4D9C-A749-F226AE92AAFD}" = NI SCXI 1.13.5
"{A27F9884-D0F7-4788-B016-CC55FA3015D3}" = NI Logos XT Support
"{A5B57591-4E0C-4EF0-8954-11781BC5CCA1}" = NI Remote PXI Provider for MAX 4.7.0
"{A633FB85-66CF-4472-9B5D-7D97E4170E21}" = NI Sound and Vibration Frequency Analysis LabVIEW 2010 Support
"{A8BE8637-98A7-4CFA-B064-44253A96DD69}" = NI mDNS Responder 1.3.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A999B934-1EBA-415F-BA5B-5036E0811956}" = NI Example Finder 10.0
"{AA4D6C55-2040-432D-9EEE-BFBF39A25D7B}" = NI-CAN 2.7.1 ADE Support Files
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AB47CDC5-94D2-4329-AD2B-3E2BF2EED84C}" = NI Common Digital 1.11.0
"{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries
"{AB641E60-38DE-4F9B-918A-3FA2C3DD44BF}" = NI-DAQmx support for LabVIEW 1.14.0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{ABFA94BE-4FC0-4D4D-B395-645D938B8854}" = Oracle VM VirtualBox 4.1.0
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC7E8084-2CE3-43A7-8E16-9C99B2CCC9AE}" = NI Instrument I/O Assistant
"{AE48C419-918C-4ADC-89CC-4209AB0531B9}" = VISA Shared Components
"{AEC75263-1D99-49A2-BA7A-C449FD7F320F}" = NI-488.2 2.7.3
"{B013FB37-8B2E-4BE1-A21E-CCB0641D3CAE}" = NI-Sync 3.2.1
"{B02DF253-C315-4869-BB65-0054B0C2A0A4}" = NI LabVIEW 2010 Help File
"{B1CFB647-2185-4AB9-BF38-FDD5D9B5F53B}" = NI TDMS
"{B378AD16-8A9F-47B2-8225-3CB339465FAF}" = NI PXI Platform Framework 1.3.0
"{B4D09BE5-59C1-434C-85D9-DBF135A44CB6}" = NI Authentication 1.0
"{B58E623A-A63D-4890-8FE6-88EA20655C66}" = NI-DCPower 1.4.1
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B937AF41-B4B5-44FF-8670-46110C2EFCDE}" = NI DN 2.0 SP1 installer
"{BA0C74BC-3CE2-4BDE-BEC8-C330EAB9A3B1}" = NI-MRU 2.11.1f0
"{BC3A030D-494A-44C7-BF26-CE3E440FA4F8}" = NI-MXLC LabVIEW 8.6 Support
"{BD4EE2C2-7945-4C2D-8F96-5E5031AE256F}" = NI-TNR Driver
"{BD7905FA-8134-4B25-88D0-0A944B5BA4F7}" = NI Remote Provider for MAX 4.7.0
"{BF903074-1312-47E4-8845-267BCA9586C2}" = NI MDF Support
"{C065D2C5-7CF8-4544-948E-82694CF89919}" = NI-488.2 Provider for MAX version 2.7.3
"{C08DB9FC-872E-4670-B583-E7BD87BCFDE6}" = NI-DAQmx ADE Support 9.1.5
"{C1C8BDB9-8FBA-4200-B5D4-18EB27850916}" = NI-DAQmx/LabVIEW shared documentation 1.7.5
"{C2AD80E1-9484-42F4-BA13-B3B045723ACB}" = NI Variable Engine 2.4.0
"{C4108512-C5CF-420B-BDD0-8EE971B5A6EB}" = NI LabVIEW SignalExpress 2010 LabVIEW 2010 Support
"{C44C83FA-9F49-4D6A-B3E5-DD67FE0F9535}" = NI Calibration Provider for MAX 4.7.0
"{C5EFB7E4-2C2D-4295-938D-2E615D111C19}" = NI Sound and Vibration Frequency Analysis 2010
"{C671D88B-4579-426F-BE35-D35E40A07737}" = NI DAQ Assistant 1.13.0
"{C77D7C5C-613E-4A4B-B654-CF416A0E97AB}" = NI System Configuration 1.1.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA30E58F-D4AA-43B9-B740-29D358357B2F}" = NI LabVIEW 2010 Deployment Framework
"{CAE1E75A-00F5-4876-A3D7-196F201D570E}" = NI PXI SystemAPI Expert 2.5.6
"{CC5A6C44-88E7-4BB8-904D-A4C12B378D00}" = NI-TClk 1.8.1
"{CCE4D322-0CBA-4C3D-8930-07A018C175D3}" = NI PXI Platform Services 2.5.6 Configuration Support
"{CD8DC58F-465B-4E04-853C-C43E7950FA86}" = NI LabVIEW Run-Time Engine 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF3B70CF-4ABD-44D8-9AFC-02424CC4DF8F}" = NI Network Browser 32-bit 1.1.0
"{CFA85017-6556-4FBA-B6C8-6C831DDA87CF}" = NI System API Windows 32-bit 1.1.0
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D50BA9B6-7FFE-4525-A9F2-720923086D6F}" = NI-VISA Server 5.0.0
"{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager
"{D7D2E7D9-4DE3-4B42-B0D1-A4C1838EDA22}" = NI-DAQmx MAX Configuration Support 9.1.5
"{D9D03B61-8D62-4C0F-8C43-814BEE88F6DB}" = NI-TimeSync 1.0
"{DAA922C9-D005-4F98-8543-D94DD103F491}" = NI LabVIEW 2010
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine
"{DC80B41D-8A03-40E1-89BD-FA9707B042BD}" = NI-P2P 1.1.0 Support for LabVIEW 2010 (32-bit)
"{DCA3D701-664B-4C87-9C31-2DBD47BACC2F}" = NI EULA Depot
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF2AC813-5956-43A1-A5F0-318C20F27BF1}" = NI-VISA Runtime 5.0.0
"{E07DFE00-428C-4505-9E0E-BB1D6BE2BF6E}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{E0C32607-2DD4-4124-9A74-351D135FAD4B}" = NI Distributed System Manager 2010
"{E0FAE62B-53FE-4433-B4C3-004D6592EE80}" = IVI Shared Component
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E4DA55EF-5374-4E3D-B3A7-9DA930E25414}" = NI LabVIEW Web Services Runtime
"{E56DC414-407B-4F32-B86A-E6B47A990F63}" = NI MIO Device Drivers 2.4.5
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E6C0EA48-8AF1-4A1C-9383-8F0706F22431}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{E7C42C98-7DD2-4E9C-AB29-A7659458B97D}" = NI IVI Class Driver LabVIEW 2010 Support
"{E899657B-60CA-4C1B-8DB5-FB0DA297A030}" = NI-MXLC LabVIEW 2010 Support
"{E9A1C394-7F4D-4548-920C-6665C5E5EF5F}" = NI System Web Server 1.0
"{EBBDA379-B0B0-46DE-BF05-1EF2B171C120}" = NI Spy 2.7.2
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{ECA841EF-06B7-42F2-973E-A4D3E30EC2FA}" = NI LabVIEW 2010 MeasAppChm File
"{ED506D4A-8581-40D6-B527-9929D26C799E}" = NI-CAN 2.7.1
"{EF367060-8B96-4290-BB4D-13D435408C89}" = NI LabVIEW Run-Time Engine 2010
"{F1DFA755-68D2-4562-8D8F-18F2DBCEA288}" = NI Script Editor 1.3.2
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F444664E-87EE-43D1-B829-0F78D3F20C79}" = NI TDM Excel Add-In 3.2
"{F7A7C15E-EA7C-47E9-870C-6ABFF1D19EC2}" = NI Web Interface Framework 1.0
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{F934D447-1831-4D39-BD7E-CB86DE4C6125}" = NI Update Service Full
"{FB6E7A50-AA88-4D74-B695-2B5D9A520DC6}" = NI-FGEN Driver 1.7.4f1
"{FC7E30E4-E72F-45EC-9822-FC41C41E9DFA}" = Traditional NI-DAQ 7.4.4 (Legacy)
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEC4FA99-C469-4449-98E2-6AC68D8DFDAD}" = NI PXI Platform Services 2.5.6 Expert
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FFE66188-2568-4DEA-A860-C3270855C03C}" = NI Hierarchical Waveform Storage 1.4.8
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HyperCam 2" = HyperCam 2
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IviSharedComponent" = IVI Shared Components
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"NI Uninstaller" = National Instruments Software
"Picasa2" = Picasa 2
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PROSet" = Intel(R) Network Connections Drivers
"VISASharedComponents" = VISA Shared Components
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/03/2012 06:26:24 | Computer Name = hifsa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 18/03/2012 06:26:24 | Computer Name = hifsa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131328
Description =

Error - 18/03/2012 10:48:03 | Computer Name = hifsa-PC | Source = ESENT | ID = 486
Description = Catalog Database (1752) Catalog Database: An attempt to move the file
"C:\Windows\system32\CatRoot2\edb.log" to "C:\Windows\system32\CatRoot2\edb0013B.log"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The move file operation will fail with error -1022 (0xfffffc02).

Error - 18/03/2012 10:48:03 | Computer Name = hifsa-PC | Source = ESENT | ID = 413
Description = Catalog Database (1752) Catalog Database: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1022.

Error - 18/03/2012 10:48:03 | Computer Name = hifsa-PC | Source = ESENT | ID = 454
Description = Catalog Database (1752) Catalog Database: Database recovery/restore
failed with unexpected error -1022.

Error - 18/03/2012 10:48:03 | Computer Name = hifsa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 18/03/2012 10:48:05 | Computer Name = hifsa-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
file "c:/program files/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
Can't access URL .

Error - 18/03/2012 10:48:06 | Computer Name = hifsa-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
file "c:/program files/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
Can't access URL .

Error - 18/03/2012 10:48:06 | Computer Name = hifsa-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
file "c:/program files/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
Can't access URL .

Error - 18/03/2012 10:48:06 | Computer Name = hifsa-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
file "c:/program files/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
Can't access URL .

[ System Events ]
Error - 18/03/2012 16:12:20 | Computer Name = hifsa-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18/03/2012 16:13:33 | Computer Name = hifsa-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.121.966.0 Loading engine version: 1.1.8101.0

Error - 18/03/2012 16:29:28 | Computer Name = hifsa-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 18/03/2012 16:29:44 | Computer Name = hifsa-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 18/03/2012 16:41:41 | Computer Name = hifsa-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 18/03/2012 16:55:39 | Computer Name = hifsa-PC | Source = DCOM | ID = 10005
Description =

Error - 18/03/2012 16:55:39 | Computer Name = hifsa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 18/03/2012 16:55:39 | Computer Name = hifsa-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/03/2012 16:48:16 | Computer Name = hifsa-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 19/03/2012 16:48:52 | Computer Name = hifsa-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


----------------------------------------------------------


3. Anti-Malware is up and running, there's still a couple of services which aren't. Everything is markedly slower and more stilted than before, it's taking much longer for the windows logo to appear at start up and for the desktop to appear, windows are freezing for a couple of seconds each. Also, the computer is still attempting to run wbpt0.dll at start up. That about sums the current situation up.


Thanks
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Wed Mar 21, 2012 4:23 am    Post subject: Reply with quote

Hello Bleu,

Is this your personal computer? Is it connected to an institute of education?

Could you please explain what all the NI programs are and what you use them for?

How did you obtain Microsoft Office Enterprise 2007?

Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Bleu
Junior Member


Joined: 27 Mar 2011
Last Visit: 24 Mar 2012
Posts: 22
Location: England

PostPosted: Wed Mar 21, 2012 2:12 pm    Post subject: Reply with quote

Yes, this is my personal computer which has programs for my research installed in it should I need to work away from Uni.

I use the NI package for my research for data acquisition and analysis at home which is owned by my University and given to students as required.

As far as Office Enterprise is concerned, I had this machine re-formatted last year and borrowed my departmental CD for all the office programs.

I hope that answers your questions.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Thu Mar 22, 2012 8:00 am    Post subject: Reply with quote

Hi Bleu:

Since you are connected to an institute of education and due to the severity of malware infection and the implications, the responsible thing for you to do is to report the issue to your IT department and get the computer reformatted and Windows reinstalled.

In addition, from what I can observe from the logs, the computer is quite messed up by the infection and it is not possible for me to get the computer fixed properly via the forum channel.

I'm sorry that I am not able to offer you more assistance. Thank you for your understanding in this matter.
I will now ask for this topic to be closed.

Sorry,
torreattack
Bleu
Junior Member


Joined: 27 Mar 2011
Last Visit: 24 Mar 2012
Posts: 22
Location: England

PostPosted: Thu Mar 22, 2012 12:56 pm    Post subject: Reply with quote

It's no problem at all.

Just to clarify, the laptop is my own and is entirely my own responsibility otherwise I would've taken it straight away to technical support.

Regardless, I appreciate your concern and support through this.

Thank you.

(Also, I feel the nature of some of the information in this thread is somewhat sensitive so I would very much appreciate it if it wasn't archived/relevant information removed or something to that effect)
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 30 Jul 2014
Posts: 4578
Location: Land Of The Leprechauns

PostPosted: Sat Mar 24, 2012 7:50 am    Post subject: Reply with quote

Quote:
As this computer is connected to an educational network, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours