Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Annoying Pop up - www.888.es


  • Please log in to reply

#1
woody100

woody100

    New Member

  • Member
  • Pip
  • 8 posts
Hi

i'm getting a random full window popup from www.888.es in firefox


TL logfile created on: 7/15/2011 8:59:21 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 36.21% Memory free
5.73 Gb Paging File | 3.70 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 107.78 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 67.23 Gb Free Space | 45.16% Space Free | Partition Type: NTFS

Computer Name: STEVEN-TOSH | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 20:58:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/07/04 17:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/03 10:05:54 | 006,910,976 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
PRC - [2010/09/14 01:46:02 | 000,124,272 | ---- | M] (Juniper Networks) -- C:\Users\Steven\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
PRC - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/22 14:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 20:58:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2011/07/04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/06/30 10:37:25 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/30 10:37:28 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/02/23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/03 15:38:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/11 03:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/04 04:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 15:13:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/26 16:13:22 | 000,008,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activmouse.sys -- (prmvmouse)
DRV:64bit: - [2010/05/26 15:21:24 | 000,086,104 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\451C.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 19:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
You didn't post the full OTL log which is why I expect you got skipped. If you still need help:

Delete your old OTL program.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
woody100

woody100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Ron

Hope it's the full log this time

OTL logfile created on: 7/20/2011 6:01:18 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 45.22% Memory free
5.73 Gb Paging File | 3.75 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 107.16 Gb Free Space | 72.01% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 80.97 Gb Free Space | 54.39% Space Free | Partition Type: NTFS

Computer Name: STEVEN-TOSH | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 17:57:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(1).exe
PRC - [2011/07/04 17:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/29 16:34:04 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/22 14:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/03/19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 17:57:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(1).exe
MOD - [2011/07/04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/06/30 10:37:25 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/30 10:37:28 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/02/23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/03 15:38:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/11 03:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/04 04:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 15:13:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/26 16:13:22 | 000,008,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activmouse.sys -- (prmvmouse)
DRV:64bit: - [2010/05/26 15:21:24 | 000,086,104 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CCF1.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 19:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.es/clasico/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8118

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/p/1.html"
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.2
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Steven\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/05/20 23:17:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/05/20 23:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/04 17:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/03 15:45:30 | 000,000,000 | ---D | M]

[2010/11/07 00:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/11/07 00:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/14 15:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions
[2011/05/15 19:16:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/06/01 08:33:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/02 10:55:43 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/09/02 12:59:32 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2011/03/12 11:29:06 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011/06/30 10:21:23 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/07/14 15:42:12 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\extensions\[email protected]
[2010/09/05 19:22:15 | 000,001,820 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\searchplugins\bing.xml
[2010/09/05 19:22:31 | 000,001,504 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\searchplugins\imdb.xml
[2010/09/05 19:23:07 | 000,000,834 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\searchplugins\lonely-planet-online.xml
[2010/09/05 19:23:59 | 000,001,620 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\searchplugins\mozilla-add-ons.xml
[2010/09/05 19:24:37 | 000,004,140 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\searchplugins\youtube.xml
[2011/03/24 00:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\[email protected]
[2011/07/04 17:27:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/11 17:35:24 | 000,278,856 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npaliedit.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 10:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 10:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/02 18:01:19 | 000,417,891 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14417 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WinPatrol] File not found
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.142.144.66 212.142.144.98
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 12:35:45 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Malwarebytes
[2011/07/19 12:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/19 12:34:57 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/14 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/14 17:21:59 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/14 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/07/14 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/07/13 14:14:14 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 14:14:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 14:14:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 14:14:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 14:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 14:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 14:14:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 14:14:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 14:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 14:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 14:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 14:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 14:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 14:13:59 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 14:13:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 14:13:59 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 14:13:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 14:13:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 14:13:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 14:13:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 14:13:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 14:13:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 14:13:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 14:13:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 14:13:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/08 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software
[2011/07/04 20:47:39 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\TempImages
[2011/07/04 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 13:19:31 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 13:19:31 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/04 13:19:29 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 13:19:29 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 13:19:26 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 13:19:23 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 13:19:22 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 13:18:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 13:18:59 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/04 13:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/01 14:41:29 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/07/01 14:41:29 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/07/01 14:41:29 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/07/01 14:41:28 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/07/01 14:41:28 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/07/01 14:41:28 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/07/01 14:41:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/07/01 14:41:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/07/01 14:41:28 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/07/01 14:41:28 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/07/01 14:41:27 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/07/01 14:41:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/07/01 14:41:27 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/07/01 14:41:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/07/01 14:41:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/07/01 14:41:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2010/09/03 15:13:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Steven\AppData\Roaming\pcouffin.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 17:34:07 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/20 17:34:07 | 000,628,904 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/20 17:34:07 | 000,110,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/20 13:30:15 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 13:30:15 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 13:22:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/20 13:22:30 | 2308,059,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 23:33:35 | 000,042,866 | ---- | M] () -- C:\Users\Steven\.ems.cfg
[2011/07/13 14:36:05 | 000,426,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/09 16:10:34 | 000,001,189 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\vso_ts_preview.xml
[2011/07/09 14:25:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/08 16:40:59 | 000,002,276 | ---- | M] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tencent QQ.lnk
[2011/07/06 20:28:45 | 000,000,787 | ---- | M] () -- C:\Users\Steven\Desktop\2010.LNK
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 13:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 13:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 13:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 13:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 13:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 13:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/30 10:38:06 | 000,016,016 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011/06/30 10:37:25 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011/06/30 10:37:24 | 000,363,560 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 16:40:59 | 000,002,276 | ---- | C] () -- C:\Users\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Tencent QQ.lnk
[2011/07/06 20:28:45 | 000,000,787 | ---- | C] () -- C:\Users\Steven\Desktop\2010.LNK
[2011/07/04 13:19:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/16 12:47:00 | 000,004,096 | -H-- | C] () -- C:\Users\Steven\AppData\Local\keyfile3.drm
[2011/06/15 16:42:22 | 000,012,800 | ---- | C] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 22:18:51 | 000,000,072 | ---- | C] () -- C:\Windows\BFA.INI
[2011/03/26 14:21:46 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/26 14:21:46 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/26 14:21:46 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/26 14:21:46 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/26 14:21:46 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/26 14:21:46 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/26 14:21:46 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/26 14:21:46 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/26 14:21:46 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/26 14:21:46 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/03/26 14:21:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/26 14:21:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/26 14:21:46 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/26 14:21:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/26 14:21:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/26 14:21:46 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/03/26 14:21:46 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/03/26 14:21:46 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/26 14:21:46 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/09/04 15:47:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/03 17:36:19 | 000,000,577 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/03 15:39:46 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/09/03 15:14:08 | 000,001,189 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\vso_ts_preview.xml
[2010/09/03 15:13:24 | 000,099,384 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\inst.exe
[2010/09/03 15:13:24 | 000,007,859 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\pcouffin.cat
[2010/09/03 15:13:24 | 000,001,167 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\pcouffin.inf
[2010/09/02 21:30:28 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/02 20:17:47 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/09/02 00:44:05 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/02 00:44:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/02 00:44:03 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/02 00:44:03 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/02 00:44:03 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/10 14:59:26 | 000,227,624 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2010/06/10 14:59:10 | 000,256,280 | ---- | C] () -- C:\Windows\ActivDRV.dll
[2010/06/02 02:38:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/06/02 02:27:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/02/20 09:22:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/20 09:22:24 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/02/20 09:22:24 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/02/20 08:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/20 08:27:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/23 15:40:36 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\SysWow64\FGWVB32.DLL
[1997/10/15 10:52:32 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\PKDCLVB.DLL
[1997/04/29 23:34:00 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\PDFENC32.DLL
[1995/02/14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[1995/02/14 23:11:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\IMPBORL.DLL

< End of report >

OTL Extras logfile created on: 7/20/2011 6:01:18 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 45.22% Memory free
5.73 Gb Paging File | 3.75 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 107.16 Gb Free Space | 72.01% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 80.97 Gb Free Space | 54.39% Space Free | Partition Type: NTFS

Computer Name: STEVEN-TOSH | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C0DF4742-0002-4D89-A8DE-899F5786F38B}" = ActivDriver x64 v5.5
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.12
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{505493F5-D4C5-481D-B6BF-9718BADA7846}" = ActivInspire Core Resources (ENU) v1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1
"{702E23DF-6424-4C5C-8FC9-1104FA777FA8}" = ActivInspire Help (GBR) v1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD24D14-A5F1-49CA-85CA-90E9A8AEF44A}" = ActivInspire HWR Resources (ENU) v1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alipay security plugin_is1" = Alipay security plugin 1.3.0.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"GOM Player" = GOM Player
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Picasa 3" = Picasa 3
"SopCast" = SopCast 3.2.9
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = Renta 2010
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TOSHIBA Game Console" = WildTangent ORB Game Console
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083890" = Zuma Deluxe
"WT083910" = Jewel Quest II
"WT083916" = Diner Dash 2 Restaurant Rescue
"WT083925" = Plants vs. Zombies
"WT083929" = Bejeweled 2 Deluxe
"WT083945" = FATE
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"xplorer2l" = xplorer˛ lite 32 bit
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"Your_Deploy_0" = Your Freedom (JET)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JuniperSetupClient" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2011 6:07:40 AM | Computer Name = Steven-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 12.0.6545.5000,
time stamp: 0x4c653ef1 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00022373 Faulting
process id: 0x108c Faulting application start time: 0x01cc2c0c72dba0c3 Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 7761171b-9800-11e0-8e39-00266c506e03

Error - 6/16/2011 6:08:45 AM | Computer Name = Steven-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 12.0.6545.5000,
time stamp: 0x4c653ef1 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00022373 Faulting
process id: 0x13d8 Faulting application start time: 0x01cc2c0d44f841eb Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 9e58a2eb-9800-11e0-8e39-00266c506e03

Error - 6/16/2011 3:01:31 PM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/16/2011 3:03:54 PM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/16/2011 6:31:18 PM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/16/2011 6:33:26 PM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/17/2011 5:33:40 PM | Computer Name = Steven-TOSH | Source = Avira AntiVir | ID = 4118
Description =

Error - 6/19/2011 11:30:34 AM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/19/2011 11:51:23 AM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/19/2011 11:52:36 AM | Computer Name = Steven-TOSH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/19/2011 9:26:28 AM | Computer Name = Steven-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\A93A.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 7/19/2011 9:26:28 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 7/19/2011 9:30:59 AM | Computer Name = Steven-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\CCF1.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 7/19/2011 9:30:59 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 7/20/2011 4:00:53 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Service Agent service failed to start
due to the following error: %%2

Error - 7/20/2011 4:01:04 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Application
Virtualization Service Agent service which failed to start because of the following
error: %%2

Error - 7/20/2011 4:01:04 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 7/20/2011 7:22:53 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Service Agent service failed to start
due to the following error: %%2

Error - 7/20/2011 7:23:03 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Application
Virtualization Service Agent service which failed to start because of the following
error: %%2

Error - 7/20/2011 7:23:03 AM | Computer Name = Steven-TOSH | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068


< End of report >

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 18:01:38
-----------------------------
18:01:38.112 OS Version: Windows x64 6.1.7601 Service Pack 1
18:01:38.112 Number of processors: 4 586 0x2502
18:01:38.113 ComputerName: STEVEN-TOSH UserName: Steven
18:01:40.525 Initialize success
18:01:41.374 AVAST engine defs: 11072000
18:02:03.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:02:03.113 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
18:02:03.123 Disk 0 MBR read successfully
18:02:03.125 Disk 0 MBR scan
18:02:03.128 Disk 0 Windows 7 default MBR code
18:02:03.131 Service scanning
18:02:04.347 Disk 0 trace - called modules:
18:02:04.377 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:02:04.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005132060]
18:02:04.383 3 CLASSPNP.SYS[fffff88001d5b43f] -> nt!IofCallDriver -> [0xfffffa8003130e40]
18:02:04.386 5 ACPI.sys[fffff88000ef17a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003131050]
18:02:05.104 AVAST engine scan C:\Windows
18:02:07.139 AVAST engine scan C:\Windows\system32
18:04:13.465 AVAST engine scan C:\Windows\system32\drivers
18:04:28.507 AVAST engine scan C:\Users\Steven
18:19:30.612 AVAST engine scan C:\ProgramData
18:22:03.220 Scan finished successfully
18:26:21.600 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
18:26:21.606 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"


The "FixMBR" button is enabled.

Thanks
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall
Java™ 6 Update 17
Yahoo! BrowserPlus 2.9.8
Spybot S&D (May interfere. You can reinstall it later)

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8118
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Steven\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\STEVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLFWDF1N.DEFAULT\EXTENSIONS\[email protected]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [WinPatrol] File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Ron
  • 0

#5
woody100

woody100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi

Lastest logs

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "localhost" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "localhost" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 1080 removed from network.proxy.socks_port
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll moved successfully.
File HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Steven\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinPatrol deleted successfully.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Steven
->Temp folder emptied: 58643757 bytes
->Temporary Internet Files folder emptied: 78195544 bytes
->Java cache emptied: 361865 bytes
->FireFox cache emptied: 670235175 bytes
->Flash cache emptied: 265202 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 654230194 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 2968 bytes

Total Files Cleaned = 1,394.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07202011_194743

Files\Folders moved on Reboot...
C:\Users\Steven\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


ComboFix 11-07-20.02 - Steven 20/07/2011 20:19:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2935.1630 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20100827103852_kubiwang100827zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100827173236_huiyuan100828zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100901140849_pinganchexian100901zanting15s.swf.tpp
c:\favoritevideo\InvisibleFolder\20100903175043_runqu100904zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100903195602_taobao100906zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100903195650_taobao100906zanting15s.swf
c:\favoritevideo\InvisibleFolder\pplss.swf.tpp
c:\favoritevideo\InvisibleFolder\PPTV(pplive)_2.6.0.0019_guide_s.exe
c:\users\Steven\AppData\Roaming\inst.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 18:09 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-20 18:09 . 2011-07-20 18:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-19 10:35 . 2011-07-19 10:35 -------- d-----w- c:\users\Steven\AppData\Roaming\Malwarebytes
2011-07-19 10:35 . 2011-07-19 10:35 -------- d-----w- c:\programdata\Malwarebytes
2011-07-19 10:34 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 15:21 . 2011-07-14 15:21 388096 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-14 15:21 . 2011-07-14 15:21 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-14 14:48 . 2011-07-19 14:07 -------- d-----w- c:\program files (x86)\Sophos
2011-07-13 12:13 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-04 18:47 . 2011-07-04 18:47 -------- d-----w- c:\users\Steven\AppData\Local\TempImages
2011-07-04 15:27 . 2011-07-04 15:27 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 15:27 . 2011-07-04 15:27 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-04 11:19 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:19 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-04 11:19 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:19 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:19 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:19 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:19 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:18 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:18 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:18 . 2011-07-04 11:18 -------- d-----w- c:\programdata\AVAST Software
2011-07-04 11:18 . 2011-07-04 11:18 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 14:40 . 2010-09-02 18:18 106496 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-07-08 14:40 . 2010-09-02 18:18 106496 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-07-08 14:40 . 2010-09-02 18:18 106496 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2011-06-30 08:38 . 2010-06-01 17:00 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2010-06-01 17:00 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2010-06-04 09:55 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2010-06-01 17:00 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2010-06-01 17:00 285256 ----a-w- c:\windows\SysWow64\guard32.dll
2011-06-30 08:37 . 2010-06-01 17:00 363560 ----a-w- c:\windows\system32\guard64.dll
2011-06-14 09:06 . 2011-06-14 09:06 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 12:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-03 05:29 . 2011-06-15 11:42 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 11:42 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 11:42 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 11:42 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 11:42 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 11:42 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 11:42 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 11:42 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 11:42 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 11:42 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-15 12:01 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-15 12:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-15 12:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-15 12:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-25 08:57 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\CCF1.tmp [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ebay.es/clasico/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.142.144.66 212.142.144.98
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jlfwdf1n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/p/1.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CCF1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-07-20 20:34:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-20 18:34
.
Pre-Run: 118,613,221,376 bytes free
Post-Run: 118,214,795,264 bytes free
.
- - End Of File - - 8395AC749EAD0163D04576E99F946BF8

2011/07/20 20:39:25.0016 0240 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 20:39:25.0369 0240 ================================================================================
2011/07/20 20:39:25.0369 0240 SystemInfo:
2011/07/20 20:39:25.0369 0240
2011/07/20 20:39:25.0370 0240 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/20 20:39:25.0370 0240 Product type: Workstation
2011/07/20 20:39:25.0370 0240 ComputerName: STEVEN-TOSH
2011/07/20 20:39:25.0370 0240 UserName: Steven
2011/07/20 20:39:25.0370 0240 Windows directory: C:\Windows
2011/07/20 20:39:25.0370 0240 System windows directory: C:\Windows
2011/07/20 20:39:25.0370 0240 Running under WOW64
2011/07/20 20:39:25.0370 0240 Processor architecture: Intel x64
2011/07/20 20:39:25.0371 0240 Number of processors: 4
2011/07/20 20:39:25.0371 0240 Page size: 0x1000
2011/07/20 20:39:25.0371 0240 Boot type: Normal boot
2011/07/20 20:39:25.0371 0240 ================================================================================
2011/07/20 20:39:27.0013 0240 Initialize success
2011/07/20 20:39:33.0718 2108 ================================================================================
2011/07/20 20:39:33.0718 2108 Scan started
2011/07/20 20:39:33.0718 2108 Mode: Manual;
2011/07/20 20:39:33.0718 2108 ================================================================================
2011/07/20 20:39:35.0341 2108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/20 20:39:35.0426 2108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/20 20:39:35.0554 2108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/20 20:39:35.0889 2108 ActivHidSerMini (007f173fde42227d7cb998bd59f80f81) C:\Windows\system32\DRIVERS\activhidsermini.sys
2011/07/20 20:39:36.0005 2108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/20 20:39:36.0136 2108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/20 20:39:36.0228 2108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/20 20:39:36.0376 2108 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/20 20:39:36.0512 2108 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/07/20 20:39:36.0756 2108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/20 20:39:36.0797 2108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/20 20:39:36.0892 2108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/20 20:39:36.0945 2108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/20 20:39:36.0996 2108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/20 20:39:37.0060 2108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/20 20:39:37.0123 2108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/20 20:39:37.0214 2108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/20 20:39:37.0324 2108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/20 20:39:37.0655 2108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/20 20:39:37.0730 2108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/20 20:39:37.0843 2108 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/20 20:39:37.0976 2108 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/20 20:39:38.0035 2108 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/07/20 20:39:38.0171 2108 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/07/20 20:39:38.0282 2108 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/07/20 20:39:38.0348 2108 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/07/20 20:39:38.0464 2108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/20 20:39:38.0544 2108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/20 20:39:38.0701 2108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/20 20:39:38.0813 2108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/20 20:39:38.0898 2108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/20 20:39:39.0093 2108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/20 20:39:39.0148 2108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/20 20:39:39.0258 2108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/20 20:39:39.0281 2108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/20 20:39:39.0394 2108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/20 20:39:39.0436 2108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/20 20:39:39.0462 2108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/20 20:39:39.0564 2108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/20 20:39:39.0597 2108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/20 20:39:39.0908 2108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/20 20:39:40.0131 2108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/20 20:39:40.0272 2108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/20 20:39:40.0324 2108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/20 20:39:40.0481 2108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/20 20:39:40.0537 2108 cmdGuard (0020e6598d80b92e4d8618554c4843ab) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/07/20 20:39:40.0642 2108 cmdHlp (7a2af19b01bf433c23ac1111610acf84) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/07/20 20:39:40.0722 2108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/20 20:39:40.0841 2108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/20 20:39:40.0978 2108 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\Windows\system32\drivers\CHDRT64.sys
2011/07/20 20:39:41.0104 2108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/20 20:39:41.0149 2108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/20 20:39:41.0270 2108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/20 20:39:41.0429 2108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/20 20:39:41.0479 2108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/20 20:39:41.0601 2108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/20 20:39:41.0672 2108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/20 20:39:41.0783 2108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/20 20:39:41.0983 2108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/20 20:39:42.0314 2108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/20 20:39:42.0419 2108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/20 20:39:42.0481 2108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/20 20:39:42.0515 2108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/20 20:39:42.0642 2108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/20 20:39:42.0708 2108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/20 20:39:42.0816 2108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/20 20:39:42.0860 2108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/20 20:39:42.0964 2108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/20 20:39:43.0038 2108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/20 20:39:43.0082 2108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/20 20:39:43.0150 2108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/20 20:39:43.0225 2108 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/07/20 20:39:43.0284 2108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/20 20:39:43.0389 2108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/20 20:39:43.0489 2108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/20 20:39:43.0579 2108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/20 20:39:43.0654 2108 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/07/20 20:39:43.0744 2108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/20 20:39:43.0795 2108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/20 20:39:43.0854 2108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/20 20:39:43.0939 2108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/07/20 20:39:44.0080 2108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/20 20:39:44.0142 2108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/20 20:39:44.0256 2108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/20 20:39:44.0344 2108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/20 20:39:44.0571 2108 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/20 20:39:44.0687 2108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/20 20:39:44.0971 2108 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/20 20:39:45.0280 2108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/20 20:39:45.0342 2108 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
2011/07/20 20:39:45.0454 2108 inspect (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\Windows\system32\DRIVERS\inspect.sys
2011/07/20 20:39:45.0522 2108 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/07/20 20:39:45.0622 2108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/20 20:39:45.0710 2108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/20 20:39:45.0800 2108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/20 20:39:45.0850 2108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/20 20:39:45.0912 2108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/20 20:39:45.0971 2108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/20 20:39:46.0014 2108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/20 20:39:46.0093 2108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/20 20:39:46.0179 2108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/20 20:39:46.0239 2108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/07/20 20:39:46.0353 2108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/20 20:39:46.0402 2108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/20 20:39:46.0460 2108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/20 20:39:46.0592 2108 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/07/20 20:39:46.0846 2108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/20 20:39:47.0128 2108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/20 20:39:47.0165 2108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/20 20:39:47.0192 2108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/20 20:39:47.0293 2108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/20 20:39:47.0339 2108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/20 20:39:47.0496 2108 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/07/20 20:39:47.0547 2108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/20 20:39:47.0641 2108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/20 20:39:47.0844 2108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/20 20:39:47.0889 2108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/20 20:39:48.0007 2108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/07/20 20:39:48.0058 2108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/20 20:39:48.0190 2108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/20 20:39:48.0261 2108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/20 20:39:48.0310 2108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/20 20:39:48.0374 2108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/20 20:39:48.0445 2108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/20 20:39:48.0493 2108 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/20 20:39:48.0558 2108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/20 20:39:48.0712 2108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/20 20:39:48.0933 2108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/20 20:39:49.0044 2108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/20 20:39:49.0122 2108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/20 20:39:49.0335 2108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/20 20:39:49.0469 2108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/20 20:39:49.0627 2108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/20 20:39:49.0681 2108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/20 20:39:49.0738 2108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/20 20:39:49.0859 2108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/20 20:39:49.0911 2108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/20 20:39:50.0027 2108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/20 20:39:50.0057 2108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/20 20:39:50.0123 2108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/20 20:39:50.0263 2108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/20 20:39:50.0366 2108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/20 20:39:50.0399 2108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/20 20:39:50.0482 2108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/20 20:39:50.0598 2108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/20 20:39:50.0699 2108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/20 20:39:50.0856 2108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/20 20:39:50.0913 2108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/20 20:39:51.0073 2108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/20 20:39:51.0117 2108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/20 20:39:51.0157 2108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/20 20:39:51.0316 2108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/20 20:39:51.0451 2108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/20 20:39:51.0543 2108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/20 20:39:51.0680 2108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/20 20:39:51.0798 2108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/20 20:39:52.0023 2108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/20 20:39:52.0169 2108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/20 20:39:52.0275 2108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/20 20:39:52.0342 2108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/20 20:39:52.0369 2108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/20 20:39:52.0401 2108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/20 20:39:52.0483 2108 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/07/20 20:39:52.0547 2108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/20 20:39:52.0598 2108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/20 20:39:52.0746 2108 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/07/20 20:39:52.0865 2108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/20 20:39:52.0982 2108 prmvmouse (99bbf2e4145e6308b39b2c13dd6291b9) C:\Windows\system32\DRIVERS\activmouse.sys
2011/07/20 20:39:53.0019 2108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/20 20:39:53.0133 2108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/20 20:39:53.0256 2108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/20 20:39:53.0381 2108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/20 20:39:53.0436 2108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/20 20:39:53.0471 2108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/20 20:39:53.0595 2108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/20 20:39:53.0662 2108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/20 20:39:53.0797 2108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/20 20:39:53.0869 2108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/20 20:39:53.0979 2108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/20 20:39:54.0051 2108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/20 20:39:54.0214 2108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/20 20:39:54.0434 2108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/20 20:39:54.0590 2108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/20 20:39:54.0655 2108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/20 20:39:54.0771 2108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/20 20:39:54.0857 2108 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
2011/07/20 20:39:54.0981 2108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/20 20:39:55.0129 2108 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/20 20:39:55.0213 2108 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/07/20 20:39:55.0344 2108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/20 20:39:55.0397 2108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/20 20:39:55.0550 2108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/20 20:39:55.0637 2108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/20 20:39:55.0709 2108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/20 20:39:55.0786 2108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/20 20:39:55.0860 2108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/20 20:39:55.0902 2108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/20 20:39:55.0921 2108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/20 20:39:55.0985 2108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/20 20:39:56.0118 2108 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/20 20:39:56.0236 2108 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/20 20:39:56.0263 2108 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/20 20:39:56.0286 2108 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/20 20:39:56.0390 2108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/20 20:39:56.0421 2108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/20 20:39:56.0460 2108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/20 20:39:56.0653 2108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/20 20:39:57.0003 2108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/20 20:39:57.0215 2108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/20 20:39:57.0340 2108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/20 20:39:57.0418 2108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/20 20:39:57.0548 2108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/20 20:39:57.0683 2108 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/20 20:39:57.0949 2108 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/20 20:39:58.0294 2108 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/20 20:39:58.0476 2108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/20 20:39:58.0582 2108 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/07/20 20:39:58.0817 2108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/20 20:39:58.0955 2108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/20 20:39:59.0012 2108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/20 20:39:59.0276 2108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/20 20:39:59.0899 2108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/20 20:40:00.0157 2108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/20 20:40:00.0238 2108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/20 20:40:00.0788 2108 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/20 20:40:00.0920 2108 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/07/20 20:40:00.0965 2108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/20 20:40:01.0184 2108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/20 20:40:01.0476 2108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/20 20:40:01.0845 2108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/20 20:40:02.0185 2108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/20 20:40:02.0248 2108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/20 20:40:02.0383 2108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/20 20:40:02.0447 2108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/07/20 20:40:02.0756 2108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/20 20:40:02.0894 2108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/07/20 20:40:02.0946 2108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/20 20:40:03.0076 2108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/20 20:40:03.0135 2108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/07/20 20:40:03.0328 2108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/20 20:40:03.0480 2108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/20 20:40:03.0523 2108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/20 20:40:03.0752 2108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/20 20:40:03.0937 2108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/20 20:40:04.0625 2108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/20 20:40:05.0042 2108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/20 20:40:05.0545 2108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/20 20:40:05.0911 2108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/20 20:40:06.0222 2108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/20 20:40:06.0417 2108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/20 20:40:06.0858 2108 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/20 20:40:07.0101 2108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/20 20:40:07.0555 2108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 20:40:07.0667 2108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 20:40:08.0141 2108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/20 20:40:08.0491 2108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/20 20:40:09.0063 2108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/20 20:40:09.0248 2108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/20 20:40:09.0555 2108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/20 20:40:09.0781 2108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/20 20:40:10.0053 2108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/20 20:40:10.0244 2108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/20 20:40:10.0324 2108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/20 20:40:10.0364 2108 Boot (0x1200) (70c290ae5f5c7e2ee1265685f6d68935) \Device\Harddisk0\DR0\Partition0
2011/07/20 20:40:10.0546 2108 Boot (0x1200) (2542cd65745dbe4503a38c371f687801) \Device\Harddisk0\DR0\Partition1
2011/07/20 20:40:10.0633 2108 ================================================================================
2011/07/20 20:40:10.0633 2108 Scan finished
2011/07/20 20:40:10.0633 2108 ================================================================================
2011/07/20 20:40:10.0697 2848 Detected object count: 0
2011/07/20 20:40:10.0697 2848 Actual detected object count: 0
2011/07/20 20:40:43.0230 1340 Deinitialize success

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7212

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/07/2011 20:14:14
mbam-log-2011-07-20 (20-14-14).txt

Scan type: Quick scan
Objects scanned: 169513
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 20:40:56
-----------------------------
20:40:56.863 OS Version: Windows x64 6.1.7601 Service Pack 1
20:40:56.863 Number of processors: 4 586 0x2502
20:40:56.865 ComputerName: STEVEN-TOSH UserName: Steven
20:40:58.888 Initialize success
20:40:59.224 AVAST engine defs: 11072001
20:41:05.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:41:05.367 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:41:05.382 Disk 0 MBR read successfully
20:41:05.384 Disk 0 MBR scan
20:41:05.388 Disk 0 Windows 7 default MBR code
20:41:05.391 Service scanning
20:41:07.238 Disk 0 trace - called modules:
20:41:07.270 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:41:07.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033a5060]
20:41:07.284 3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> [0xfffffa800310d3c0]
20:41:07.291 5 ACPI.sys[fffff88000f827a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003113050]
20:41:09.833 AVAST engine scan C:\Windows
20:41:17.996 AVAST engine scan C:\Windows\system32
20:43:00.608 AVAST engine scan C:\Windows\system32\drivers
20:43:11.404 AVAST engine scan C:\Users\Steven
20:46:21.074 AVAST engine scan C:\ProgramData
20:49:17.681 Scan finished successfully
20:49:40.168 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
20:49:40.175 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"


button is highlighted in black - assume is enabled

Thanks
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Are you still getting the popup?

For what it is worth, in your event logs you have something called

Application Virtualization Service Agent service which is not running because it can't find the file. IF this is something you use then it probably needs to be uninstalled and reinstalled. If you don't use it you can just uninstall it. It will probably cause a delay during boot of from 30 to 60 seconds if it continues to fail.

Your install of Spybot S&D had major problems so perhaps best to leave it off. Also their "Immunize" feature puts a lot of bogus entries in the hosts file to keep you from going to bad sites but from what I have read this will slow down a Win 7 system considerably.

Ron
  • 0

#7
woody100

woody100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi

I'll monitor the pop up.

As for Application Virtualization Service Agent i've no idea what it is or how to uninstall it can't find it in al program list.

Ok won't run SpyBot S&D

Thanks for your help
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Appears it is part of windows 7. Used by large organizations to push applications out to lots of PCs at one time.

We can probably just turn the service off.

Right click on My Computer and select Manage, Continue, then select Services and Applications then Services. Find the

Application Virtualization Service Agent service and right click on it and select Properties then change the Startup Type: to Disabled and Apply. OK

Repeat for Client Virtualization Handler service.

Ron
  • 0

#9
woody100

woody100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi

Still getting pop up this time from https://es.betclic.c...egister_b.aspx. I think it's associated
with one website isohunt and only happens once a day
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Isohunt says they have "Database corruption on our European servers, site down temporarily while we are fixing it. In the meantime, going to ca.isohunt.com should work.
18 hours ago" so they may be fighting an infection.

The site your popup goes to is a registration form for a sports website. Not your usual malware site.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP