trojan downloader.win32.genome.coa



#1
TonyO511

TonyO511

    Member

  • Member
  • PipPip
  • 76 posts
HELP!! I seem to have picked something up while downloading a multiboot tool. Kaspersky says it is a trojan downloader.win32.genome.coa. I have tried to neutralize it (doesn't work), tried a full scan on my Kaspersky antivirus (locks it up). Kaspersky recommended going into safe mode w/networking, changing some settings and rerunning the scan in safe mode... still locks up. I cannot get anything to work... attached is my OTL log... can someone please help... Thank you in advance...

System:
Toshiba Satellite L655
OS: Windows 7 Home Premium
64-bit
SP1

OTL logfile created on: 10/24/2011 9:09:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anthony O'Brocto\Documents\Computer fix
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 58.52% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.90 Gb Total Space | 169.31 Gb Free Space | 59.43% Space Free | Partition Type: NTFS

Computer Name: ANTHONYOBROCTO | User Name: Anthony O'Brocto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 21:07:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony O'Brocto\My Documents\Computer fix\OTL.exe
PRC - [2011/10/03 05:47:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/16 08:36:37 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/11 17:00:20 | 000,358,200 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 06:04:05 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 05:47:00 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/16 08:36:37 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/11 17:03:32 | 001,063,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/16 08:36:38 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/05/16 08:36:34 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/05/16 08:36:31 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/05/16 08:36:23 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/05/15 17:59:10 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/28 03:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 09:23:58 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007/07/23 09:23:58 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007/07/23 09:23:56 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.toshiba.com/g/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.nhra.com"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Anthony O'Brocto\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/05/31 10:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/05/31 10:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 05:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/23 21:24:59 | 000,000,000 | ---D | M]

[2011/05/15 17:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony O'Brocto\AppData\Roaming\Mozilla\Extensions
[2011/07/14 18:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony O'Brocto\AppData\Roaming\Mozilla\Firefox\Profiles\sdhvehyp.default\extensions
[2011/06/11 18:27:47 | 000,002,265 | ---- | M] () -- C:\Users\Anthony O'Brocto\AppData\Roaming\Mozilla\Firefox\Profiles\sdhvehyp.default\searchplugins\bing-zugo.xml
[2011/10/23 21:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/27 17:46:14 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/25 16:50:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/23 21:33:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/05/15 18:00:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/03 05:47:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/03 05:46:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D03F729-EF7A-4F5B-9315-F2BF70D0A883}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{0890DB15-3FEF-418C-8C78-6BDD32FEB488}
[2011/10/24 17:43:54 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B7348E36-5F21-4089-AF9A-03FBE6BE2C94}
[2011/10/23 22:16:39 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B5F04188-BD36-4914-B110-7C51115F3EDE}
[2011/10/23 22:16:29 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{67721256-6439-4468-82FF-E646A72C97DD}
[2011/10/23 21:43:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Roaming\Malwarebytes
[2011/10/23 21:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 21:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 21:43:10 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/23 21:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{E4277330-B7EC-40E2-905A-6E2D6CF8A8BB}
[2011/10/23 19:48:34 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{44681700-8DD6-44E3-9DB1-68086CB6E134}
[2011/10/23 07:47:48 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{9A95275B-1E3A-46C5-83BF-6F2620D88F3A}
[2011/10/23 07:47:38 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{0D545BA4-1372-4DCA-B204-43C80C5CB710}
[2011/10/22 18:01:01 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{F988F61F-EBA2-45B9-9CC9-5049BBD10D5B}
[2011/10/22 18:00:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B9CB20C1-4E6B-4B79-B4A3-C261C15CE75A}
[2011/10/22 06:00:27 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{4104452F-F3CB-4561-B5FC-7D71EB7A3F54}
[2011/10/22 06:00:17 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{2155286B-66FF-4977-8DCF-6FE4657F179E}
[2011/10/21 17:11:21 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B817B11A-A7CB-4440-8538-856C24F7EF7B}
[2011/10/21 17:11:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{BDDFCB54-EA43-4C45-A27D-887BFC90C083}
[2011/10/20 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{32FAE80F-875F-4E4A-A7D0-541CDAF45826}
[2011/10/20 18:58:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{A44400E2-EAA1-4678-B645-048A87621F96}
[2011/10/20 06:52:30 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{73438EA6-8B86-4AA7-89BC-EAC65C5D2E1F}
[2011/10/20 06:52:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{4777BA0B-7668-413E-95B5-70BC1525D72F}
[2011/10/19 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{54254C85-EBB2-42A8-BEE5-325207D610BF}
[2011/10/19 18:51:44 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{A23CE158-0508-4D0A-BAF1-05FBF9FE7D37}
[2011/10/18 19:26:29 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{71BAC91B-9415-4519-A325-C4A24A54F9BB}
[2011/10/18 19:26:19 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{DE6DD8A0-1DCF-4C90-A302-00CE8B47B9B6}
[2011/10/17 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{3CEDDF43-EAFE-4F27-9F11-21646EEF94F2}
[2011/10/17 21:06:35 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{75736BEB-4C20-4302-8B7C-1BC630AE19B8}
[2011/10/16 19:38:32 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{826FEADE-B51E-46BA-B803-A8C2B6A7E0FA}
[2011/10/16 19:38:22 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{6F766068-2376-4C94-B43B-17C07ED74A18}
[2011/10/16 07:37:57 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{CC436FCB-F6A7-45F1-9C96-08F9711FE596}
[2011/10/16 07:37:47 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{CC5D5007-760A-4FA2-AC44-996B00E140CD}
[2011/10/15 13:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/15 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/15 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/15 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/15 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/15 13:27:04 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{466DC218-74C0-467E-9AB2-68EF11869972}
[2011/10/15 13:26:54 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{3C1DCF81-6A6F-4FE0-AA79-78D0BC8F695B}
[2011/10/14 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{1EA22D67-8646-4EBA-9217-FBA4974B9987}
[2011/10/14 20:42:32 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B1FB3B07-1549-4452-9313-28D5DC2FC807}
[2011/10/14 06:04:02 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{AEE91E59-6117-4E99-A71F-05293CF45059}
[2011/10/14 06:03:52 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{3B9B35B5-87D0-4683-BA42-9013D3EFCF04}
[2011/10/13 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{E6D85C43-0ACB-47F4-A7AB-BB141ACDAA94}
[2011/10/13 17:50:28 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{A407116F-FD88-4362-81C5-7C2AACF82190}
[2011/10/12 21:20:19 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{0649BADA-CC96-4623-BE8B-1667F8B1D14F}
[2011/10/12 21:20:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{E66210CD-B7DB-4F1C-AF08-EE7114A4B1B6}
[2011/10/12 06:03:49 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{14AD128C-796F-40EA-9354-2FABC6B310C1}
[2011/10/12 06:03:39 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{8214958B-D557-4841-938D-5E524D4ECA45}
[2011/10/11 17:32:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{ED9DD3D0-4B21-41EE-A16E-3D832B1AD35D}
[2011/10/11 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{1078AE0B-FA4D-463C-86C5-C44F1C2C8029}
[2011/10/10 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B34D8C1D-8F32-4035-AA49-8127D25F744A}
[2011/10/10 18:59:46 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B2876F6F-43B6-4DA2-9A3F-409C7416AC57}
[2011/10/10 17:26:16 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\Documents\Project Burns
[2011/10/09 22:17:43 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{42322C0F-0885-4B06-9A67-D3853B342FF8}
[2011/10/09 22:17:33 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{C87464F1-E0DD-4BD0-9509-3C3C719FDDE4}
[2011/10/09 10:17:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{70A01429-A625-4D91-9123-D8B35B962440}
[2011/10/09 10:16:59 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{0F70F767-9F97-44EF-9764-76DB56D608A2}
[2011/10/08 20:39:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{F3E354D4-ACB1-481C-9023-2D945D8C8BAF}
[2011/10/08 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{4FCA5E48-D257-47F8-B280-1EB8E84F53E2}
[2011/10/08 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{7DBABD8B-8FD2-418C-889A-A37EF2AAC718}
[2011/10/08 08:38:23 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{75C918D1-6FAE-4D82-A0B5-5334F4040183}
[2011/10/07 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{CB978CCC-F579-48DE-B2DC-DDBBC985756D}
[2011/10/07 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{A1A051A9-0C58-41A6-89A3-EFFAED5BAA6A}
[2011/10/07 06:02:30 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{49374E59-A107-4594-AF05-6788A590B65E}
[2011/10/07 06:02:20 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{48D1B8C6-81AE-4F0C-96C1-2B2F72C8149D}
[2011/10/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{2506E413-EE87-460C-B487-8A0F22B12267}
[2011/10/06 17:52:03 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{7D98E474-767F-4AEC-89B1-968EE3EAB31E}
[2011/10/05 20:58:58 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{477F6BAA-B87B-4367-972F-EBECA69D1ED0}
[2011/10/05 20:58:48 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{91CD4E48-33AE-49CD-B852-8F8A0E5C38F6}
[2011/10/04 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{00F9C4BB-E607-49B5-85C4-61EE12384C59}
[2011/10/04 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{C2C3A252-F1FA-4D7B-85B9-B7ED2513A882}
[2011/10/03 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{702BBB44-6696-435F-9A48-0DE0E63A1D35}
[2011/10/03 19:14:08 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{62BD1410-751A-4DCC-84CD-26BDC5CE9B60}
[2011/10/03 03:08:14 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{C4F4B5E5-3F69-4ACE-B692-132CFF7A52CE}
[2011/10/03 03:08:04 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{2CD9ECA7-8708-4835-B5C6-43E0F3490DD8}
[2011/10/02 15:07:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{72ACD4E8-291B-4F9B-A84E-AFA1895B3C64}
[2011/10/02 15:07:31 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{24FF79B2-0021-4D6B-8C0F-50128BCBD4EA}
[2011/10/02 00:14:39 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{A6537B51-960A-474B-96D8-6E9997AF5721}
[2011/10/02 00:14:29 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{9EF394F7-5A79-47B5-B00B-A80451D120A2}
[2011/10/01 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{F3112E0C-FED7-418D-8F88-06256E2F089D}
[2011/10/01 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{72B47DFF-1647-4CAF-A1D3-55B2F1F26EF4}
[2011/09/30 20:34:28 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{320799E5-5FC3-4B50-BACD-C67E92C5C60D}
[2011/09/30 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{320C652F-CC70-41B0-94FC-9A59313C2521}
[2011/09/29 22:20:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{B2F34944-FBBC-49C9-A0E1-725F73E33456}
[2011/09/29 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{4F963670-6751-40C9-AE83-532243238AD5}
[2011/09/26 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{72A00B57-42BF-418D-989F-93AD2A8C326F}
[2011/09/26 06:05:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{401D2377-70E6-405A-B3F9-CB5AC98B519F}
[2011/09/26 06:05:43 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{C3639EB8-532E-4454-B67A-664B421E2080}
[2011/09/25 17:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/25 17:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/25 11:02:29 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{FC08B159-738C-46A7-B46B-6A8406EEC8BF}
[2011/09/25 11:02:19 | 000,000,000 | ---D | C] -- C:\Users\Anthony O'Brocto\AppData\Local\{C8138CA3-0B13-4807-8DDC-BF17FBA6755D}
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 21:17:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 20:52:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 20:52:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 20:45:13 | 000,000,442 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2011/10/24 20:45:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 20:44:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/24 20:44:36 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 21:43:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 21:41:51 | 000,001,245 | ---- | M] () -- C:\windows\SysNative\mapisvc.inf
[2011/10/16 19:18:23 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/16 19:18:23 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/16 19:18:23 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/15 13:34:55 | 000,002,515 | ---- | M] () -- C:\Users\Anthony O'Brocto\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/15 13:34:55 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/15 13:33:45 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/13 03:25:19 | 000,276,216 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/11 17:41:45 | 000,004,608 | ---- | M] () -- C:\Users\Anthony O'Brocto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 06:15:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[13 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 21:43:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 13:34:55 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/15 13:33:45 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 17:40:56 | 000,004,608 | ---- | C] () -- C:\Users\Anthony O'Brocto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/16 03:18:21 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/07/31 11:35:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/20 18:15:42 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/15 19:14:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/16 08:36:39 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\58719923-64E3-4F44-B38A-D5B0DB86F518
[2011/05/16 13:10:22 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\Acronis
[2011/07/31 11:53:03 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\Canneverbe Limited
[2011/09/25 21:20:36 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\FrostWire
[2011/10/13 03:23:25 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\SoftGrid Client
[2011/05/15 17:29:14 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\Toshiba
[2011/05/20 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\TP
[2011/05/15 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\WinBatch
[2011/05/15 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\Anthony O'Brocto\AppData\Roaming\Windows Live Writer
[2011/05/22 18:04:50 | 000,025,934 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2 Jintan (Trusted Helper, Malware Removal, 904 posts)

Hello TonyO511,

"downloading a multiboot tool"

win32.genome.coa suggests not-so-legal software sometimes, so just to be sure you know, we cannot help in situations where unauthorized software exists or is in use. The log shows some adware/search hijacker activity and a likely malware proxy setting. Let's correct that, but get a more detailed look here before starting repairs.



The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

--------

OTL should have created a second, Extras.Txt log, located in the same place as OTL.exe. If it did not create one, download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

Open HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

---------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.

#3 Jintan (Trusted Helper, Malware Removal, 904 posts)

Sorry - forgot those proxy settings. Do this please, then the other steps posted.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-
Open Notepad (Start Search, type Notepad then click the notepad file that shows in the display), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.
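The fixer.reg above deletes two proxy values with the "name"=- form. As an added example that is not code from the thread, from OTL or from any of the tools named here, this small Python parser for the REGEDIT4 format previews exactly which keys a .reg file touches and which values it deletes or sets before it is merged, and it also decodes the other value forms (strings, dword, hex) that such fixes commonly carry.

```python
"""Preview what a REGEDIT4 fix file will change before it is merged.

Added example, not part of the thread: parses the REGEDIT4 format used by
the fixer.reg above and lists every key it touches and every value it
deletes ("name"=-) or sets, so a fix can be reviewed before double-clicking
Merge. The sample text is the thread's own proxy-clearing fix.
"""
import re

# Constructed sample: the proxy-clearing fix posted in the thread.
FIXER_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-
'''

HEADERS = ('REGEDIT4', 'Windows Registry Editor Version 5.00')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
DEFAULT_RE = re.compile(r'^@=(?P<data>.*)$')


def decode_data(data):
    """Map the textual data part of a value line to a (type, value) pair."""
    low = data.lower()
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        # .reg strings escape backslash and double quote with a backslash
        return ('REG_SZ', data[1:-1].replace('\\\\', '\\').replace('\\"', '"'))
    if low.startswith('dword:'):
        return ('REG_DWORD', int(data[6:], 16))
    if low.startswith('hex:'):
        return ('REG_BINARY', bytes.fromhex(data[4:].replace(',', '')))
    return ('UNKNOWN', data)


def _logical_lines(text):
    """Yield stripped lines, joining hex continuations that end in a backslash."""
    buf = ''
    for raw in text.splitlines():
        ln = raw.strip()
        if ln.endswith('\\'):
            buf += ln[:-1]
            continue
        yield buf + ln
        buf = ''
    if buf:
        yield buf


def parse_reg(text):
    """Return a list of (action, key, name, data) tuples.

    action is 'delete_key', 'delete_value' or 'set'; data is the
    (type, value) pair from decode_data for 'set', otherwise None.
    """
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError('missing REGEDIT4 / Version 5.00 header')
    actions, key = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(';'):
            continue
        if ln.startswith('[') and ln.endswith(']'):
            body = ln[1:-1]
            if body.startswith('-'):            # [-KEY] deletes the whole key
                actions.append(('delete_key', body[1:], None, None))
                key = None
            else:
                key = body
            continue
        if key is None:
            raise ValueError('value line outside any [key]: %r' % ln)
        m = VALUE_RE.match(ln) or DEFAULT_RE.match(ln)
        if not m:
            raise ValueError('unparseable line: %r' % ln)
        name = m.groupdict().get('name', '@')   # '@' is the key's default value
        data = m.group('data')
        if data == '-':                         # "name"=- deletes that value
            actions.append(('delete_value', key, name, None))
        else:
            actions.append(('set', key, name, decode_data(data)))
    return actions


def describe(actions):
    """One line per action, the list to eyeball before merging."""
    out = []
    for action, key, name, data in actions:
        if action == 'delete_key':
            out.append('DELETE KEY   %s' % key)
        elif action == 'delete_value':
            out.append('DELETE VALUE %s\\%s' % (key, name))
        else:
            out.append('SET %s\\%s = %s %r' % (key, name, data[0], data[1]))
    return out


if __name__ == '__main__':
    for line in describe(parse_reg(FIXER_REG)):
        print(line)
```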

#4 TonyO511 (Topic Starter, Member, 76 posts)

Hi, thanks for your reply. I am currently on vacation until Weds. I will try and do this over the weekend, but if not I will get on it when I get back. Please bear with the delay.

Thanks
Tony

#5 Jintan (Trusted Helper, Malware Removal, 904 posts)

No problem Tony. I get email notifications, so I'll know when you next post. Hold off posting now until you are ready to start.

#6 TonyO511 (Topic Starter, Member, 76 posts)

I found the extra log and will paste it below. Do you still want me to download HijackThis? I'm going to download Gmer and run that. If you want me to run HijackThis, please just let me know.

Here is the extra log from OTL...

OTL Extras logfile created on: 10/24/2011 9:09:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anthony O'Brocto\Documents\Computer fix
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 58.52% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.90 Gb Total Space | 169.31 Gb Free Space | 59.43% Space Free | Partition Type: NTFS

Computer Name: ANTHONYOBROCTO | User Name: Anthony O'Brocto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.5.2.15)
"Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 2.6.1.0)
"DVD Shrink_is1" = DVD Shrink 3.2
"FrostWire" = FrostWire 4.21.6
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2011 3:18:21 AM | Computer Name = AnthonyOBrocto | Source = VSS | ID = 13
Description =

Error - 9/16/2011 3:18:21 AM | Computer Name = AnthonyOBrocto | Source = VSS | ID = 8193
Description =

Error - 9/16/2011 3:18:21 AM | Computer Name = AnthonyOBrocto | Source = VSS | ID = 13
Description =

Error - 9/16/2011 3:18:21 AM | Computer Name = AnthonyOBrocto | Source = VSS | ID = 8193
Description =

Error - 9/16/2011 6:37:00 PM | Computer Name = AnthonyOBrocto | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f28 Start
Time: 01cc74c0bd921e59 Termination Time: 63 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: 5b4fe8c6-e0b4-11e0-abd6-eb8081582d86

Error - 9/18/2011 7:00:01 PM | Computer Name = AnthonyOBrocto | Source = Windows Backup | ID = 4103
Description =

Error - 9/20/2011 8:15:09 PM | Computer Name = AnthonyOBrocto | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb9d1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x48a2b36e Faulting process id: 0xb04 Faulting application
start time: 0x01cc77f380e5eb52 Faulting application path: C:\Program Files (x86)\Windows
Live\Mail\wlmail.exe Faulting module path: unknown Report Id: c3ad70b9-e3e6-11e0-bfc0-bc47ef3bc998

Error - 9/25/2011 4:49:31 PM | Computer Name = AnthonyOBrocto | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Anthony O'Brocto\Downloads\SoftonicDownloader_for_cdburnerxp-pro.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 9/25/2011 7:00:02 PM | Computer Name = AnthonyOBrocto | Source = Windows Backup | ID = 4103
Description =

Error - 9/26/2011 10:46:23 PM | Computer Name = AnthonyOBrocto | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


[ Media Center Events ]
Error - 9/26/2011 12:24:31 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 12:24:31 AM - Error connecting to the internet. 12:24:31 AM - Unable
to contact server..

Error - 9/26/2011 12:25:01 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 12:25:00 AM - Error connecting to the internet. 12:25:00 AM - Unable
to contact server..

Error - 9/26/2011 9:48:47 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:48:47 AM - Error connecting to the internet. 9:48:47 AM - Unable
to contact server..

Error - 9/26/2011 9:49:18 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:49:16 AM - Error connecting to the internet. 9:49:16 AM - Unable
to contact server..

Error - 9/26/2011 9:07:50 PM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:07:50 PM - Error connecting to the internet. 9:07:50 PM - Unable
to contact server..

Error - 9/26/2011 9:08:20 PM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:08:19 PM - Error connecting to the internet. 9:08:19 PM - Unable
to contact server..

Error - 9/27/2011 9:19:18 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:19:18 AM - Error connecting to the internet. 9:19:18 AM - Unable
to contact server..

Error - 9/27/2011 9:19:28 AM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:19:23 AM - Error connecting to the internet. 9:19:23 AM - Unable
to contact server..

Error - 9/27/2011 9:48:00 PM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:48:00 PM - Error connecting to the internet. 9:48:00 PM - Unable
to contact server..

Error - 9/27/2011 9:48:06 PM | Computer Name = AnthonyOBrocto | Source = MCUpdate | ID = 0
Description = 9:48:05 PM - Error connecting to the internet. 9:48:05 PM - Unable
to contact server..

[ System Events ]
Error - 10/3/2011 6:59:05 PM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 34001
Description =

Error - 10/3/2011 6:59:05 PM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 30013
Description =

Error - 10/4/2011 10:08:30 PM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 31004
Description =

Error - 10/8/2011 12:20:50 PM | Computer Name = AnthonyOBrocto | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/9/2011 6:58:47 AM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 31004
Description =

Error - 10/9/2011 7:57:00 AM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 31004
Description =

Error - 10/13/2011 3:25:21 AM | Computer Name = AnthonyOBrocto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:23:15 AM on ?10/?13/?2011 was unexpected.

Error - 10/13/2011 3:25:52 AM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 34001
Description =

Error - 10/13/2011 3:25:52 AM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 30013
Description =

Error - 10/13/2011 10:40:04 PM | Computer Name = AnthonyOBrocto | Source = ipnathlp | ID = 31004
Description =


< End of report >

#7 TonyO511 (Member, Topic Starter, 76 posts)

GMER found nothing and there was no report to paste. Here is the aswMBR report.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-11 15:33:40
-----------------------------
15:33:40.805 OS Version: Windows x64 6.1.7601 Service Pack 1
15:33:40.805 Number of processors: 2 586 0x2505
15:33:40.806 ComputerName: ANTHONYOBROCTO UserName:
15:33:41.612 Initialize success
15:34:10.389 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:34:10.393 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
15:34:10.405 Disk 0 MBR read successfully
15:34:10.409 Disk 0 MBR scan
15:34:10.413 Disk 0 Windows VISTA default MBR code
15:34:10.419 Service scanning
15:34:10.957 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:34:11.575 Modules scanning
15:34:11.581 Disk 0 trace - called modules:
15:34:11.627 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:34:11.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b8c650]
15:34:11.640 3 CLASSPNP.SYS[fffff8800185243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ef050]
15:34:11.648 Scan finished successfully
15:34:39.069 Disk 0 MBR has been saved successfully to "C:\Users\Anthony O'Brocto\Documents\Computer fix\MBR.dat"
15:34:39.076 The log file has been saved successfully to "C:\Users\Anthony O'Brocto\Documents\Computer fix\aswMBR.txt"

#8 Jintan (Trusted Helper, Malware Removal, 904 posts)

Looks good so far. You have FrostWire, so you surely have a source of infection with torrent software. Let's scan and check things.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.

#9 Jintan (Trusted Helper, Malware Removal, 904 posts)

Post removed - redundant.

#10 TonyO511 (Member, Topic Starter, 76 posts)

ESET results...

C:\Users\Anthony O'Brocto\AppData\Local\Temp\nsoE7DA.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Anthony O'Brocto\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Anthony O'Brocto\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Anthony O'Brocto\Documents\winamp5601_full_bundle_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Anthony O'Brocto\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Anthony O'Brocto\Downloads\SoftonicDownloader_for_cdburnerxp-pro.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Anthony O'Brocto\Downloads\winamp5622_full_bundle_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined

MBAM results...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8146

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/12/2011 9:26:17 AM
mbam-log-2011-11-12 (09-26-17).txt

Scan type: Quick scan
Objects scanned: 195362
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
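As an added example (not code from this thread, from ESET or from Malwarebytes), the script below does the triage the helper performs by eye on the two reports above: it parses ESET online-scanner result lines and the Malwarebytes summary counters, separates bundled "application" detections (ESET's category for potentially unwanted software such as OpenCandy) from malware-class hits, checks that every item was deleted or quarantined, and returns a verdict plus the names of the installers that carried the bundles. The sample lines are constructed, modelled on the posted output with the user name replaced; the category words in the regex and the `Detection` / `triage` names are assumptions of the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input, modelled on the ESET online-scanner lines and the
# Malwarebytes summary counters posted in this thread (user name replaced).
ESET_SAMPLE = r"""
C:\Users\Example User\AppData\Local\Temp\nsoE7DA.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Example User\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Example User\Downloads\SoftonicDownloader_for_cdburnerxp-pro.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Example User\Downloads\winamp5622_full_bundle_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined
"""

MBAM_SAMPLE = """
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# One ESET result line: <path> <threat name> <category> <action taken>.
# The list of category words is an assumption of this example; "application"
# is the word ESET uses for bundled / potentially unwanted software.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:a variant of\s+)?\S+/\S+)\s+"
    r"(?P<kind>(?:potentially (?:unwanted|unsafe) )?application|trojan|worm|virus|adware)\s+"
    r"(?P<action>.+)$"
)
# Malwarebytes summary counter, e.g. "Files Infected: 0".
MBAM_COUNT = re.compile(r"^(?P<category>.+?) Infected:\s*(?P<n>\d+)$")


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str

    @property
    def is_pua(self) -> bool:
        # ESET reports bundled/unwanted software as "application", not as malware.
        return self.kind.endswith("application")

    @property
    def contained(self) -> bool:
        # The file was removed or moved to quarantine, so nothing remains on disk.
        return "quarantined" in self.action or "deleted" in self.action

    @property
    def family(self) -> str:
        # "a variant of Win32/Foo.A" -> "Win32/Foo.A"
        return self.threat.split("a variant of ", 1)[-1]


def parse_eset(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        found.append(Detection(**m.groupdict()))
    return found


def parse_mbam_counts(text: str) -> dict[str, int]:
    counts = {}
    for line in text.splitlines():
        m = MBAM_COUNT.match(line.strip())
        if m:
            counts[m["category"]] = int(m["n"])
    return counts


def triage(eset_text: str, mbam_text: str) -> dict:
    detections = parse_eset(eset_text)
    mbam = parse_mbam_counts(mbam_text)
    malware = [d for d in detections if not d.is_pua]
    uncontained = [d for d in detections if not d.contained]
    mbam_total = sum(mbam.values())
    needs_follow_up = bool(malware or uncontained or mbam_total)
    return {
        "pua": sum(d.is_pua for d in detections),
        "malware": len(malware),
        "uncontained": len(uncontained),
        "families": Counter(d.family for d in detections),
        # Installers that carried the bundles, so the user knows which downloads to avoid.
        "carrier_files": sorted(d.path.rsplit("\\", 1)[-1] for d in detections),
        "mbam_total": mbam_total,
        "verdict": ("follow up: malware or uncontained items remain"
                    if needs_follow_up
                    else "no active infection: only bundled PUA, all quarantined"),
    }


if __name__ == "__main__":
    for key, value in triage(ESET_SAMPLE, MBAM_SAMPLE).items():
        print(f"{key}: {value}")
```

Running it on the sample gives four PUA detections across two families, nothing malware-class, nothing left uncontained, and zero Malwarebytes counters, which is the "clean but badly chosen downloads" reading of the logs. A line that ESET tagged as trojan, worm or virus, or an action that is neither "deleted" nor "quarantined", flips the verdict to follow-up.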

#11 Jintan (Trusted Helper, Malware Removal, 904 posts)

Questionable choice downloads bundled with OpenCandy adware, but no active infection. Those may have been some of those win32.genome.coa references. Installed with other programs, so the security software could only address pieces of it. But looks clean here - how is everything running?

#12 TonyO511 (Member, Topic Starter, 76 posts)

Everything seems to be running OK. I don't really notice anything out of the ordinary. What started it all was my son has an Acer notebook, and I wanted to put my XP OS on there so that it's a little easier to understand for him. I was told to download this multiboot program in order to download XP to a mem stick. I foolishly downloaded the wrong multiboot program.

#13 TonyO511 (Member, Topic Starter, 76 posts)

Are you able to recommend an easy way to download XP to the notebook?

#14 Jintan (Trusted Helper, Malware Removal, 904 posts)

Maybe I am not clear on what you are seeking, but there are no XP downloads to be had, other than cracked software. You do have to have an install CD. What does the notebook currently have for an operating system? Does the notebook have driver support for XP - you can check that at the vendor's website.