Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can not log into ANY sites- Strange Malware?

Started by MissSashy , Nov 18 2011 12:54 PM

This topic is locked

#1
MissSashy

Posted 18 November 2011 - 12:54 PM

New Member

Member
5 posts

Okay. So my problems started about a week ago. One day I went to check my hotmail and it gave me a page that said "Unable to access the network." So I cleaned out all my cookies and made sure my firewall wasn't blocking anything. The problem is, once I cleared my cookies I was unable to log into ANYTHING. I can still go to websites, it just will not let me log in anywhere. In fact, once I log out of this site I'll probably have to go into safemode to get in again!

Now, my friends have been really nice and are excellent with computers so have been helping me (I don't know a lot about them myself lol). They told me to download Malwarebytes' Anti-Malware. So I did. I ran the full scan but it would not let me update it at all (I got an error message). It found 177 infected files! It removed about a hundred of them but could not delete all of them. The problem still persisted though so my boyfriend told me to do a system restore. I tried but I got a blue screen both times that said my computer had crashed. Once it stared again Malware bytes was completely GONE off my computer. I have no idea why.

Next, my friend wanted to use teamviewer to help me. However, the virus or whatever wouldnt let me use it. SO. I started my computer in Safemode with networking and guess what? I could log into everything again (which must means it's malware right?) My friend then downloaded Spybot for me and it cleaned out all the viruses it found. Still no improvement.

Next, I downloaded Malwarebytes again and ran a scan. It found 17 infected files this time and removed all of them. Then, just to be sure I ran the same scan in safemode (i could update it in safemode). It found nothing but I still can not log into anything outside of safemode.

I have also tried tdsskiller (which finds root viruses?) and it found nothing. I'm wondering if I got something from downloading free music from isohunt because I don't know how else I would have gotten something like this.

I am at a total loss of what to do. My friends are still trying to help me but I'm afraid they'll never find the answer :/ I really hope you guys can help me!

OH and also, I can now not even START Firefox. It just crashes right away. I'm on Chrome right now.

Thank you,
Sasha

Edited by MissSashy, 18 November 2011 - 01:03 PM.

#2
Essexboy

Posted 18 November 2011 - 02:03 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi Sasha first I will need to take a look at your system - these can both be run from safe mode if needed

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
MissSashy

Posted 18 November 2011 - 03:57 PM

New Member

Topic Starter
Member
5 posts

These are very long, sorry ^^;
Here is the MBR Scan log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 12:12:17
-----------------------------
12:12:17.585 OS Version: Windows 6.0.6002 Service Pack 2
12:12:17.585 Number of processors: 2 586 0xF0D
12:12:17.585 ComputerName: USER-PC UserName: User
12:12:39.232 Initialize success
12:12:40.698 AVAST engine defs: 11101000
12:12:52.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:12:52.805 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
12:12:52.836 Disk 0 MBR read successfully
12:12:52.852 Disk 0 MBR scan
12:12:52.852 Disk 0 Windows VISTA default MBR code
12:12:52.852 Disk 0 scanning sectors +298696704
12:12:52.945 Disk 0 scanning C:\Windows\system32\drivers
12:13:07.704 Service scanning
12:13:10.285 Modules scanning
12:13:25.081 Disk 0 trace - called modules:
12:13:25.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll iaStor.sys
12:13:25.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86678ac8]
12:13:25.112 3 CLASSPNP.SYS[883178b3] -> nt!IofCallDriver -> [0x85545f08]
12:13:25.547 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85546028]
12:13:26.897 AVAST engine scan C:\Windows
12:13:30.974 AVAST engine scan C:\Windows\system32
12:15:12.871 AVAST engine scan C:\Windows\system32\drivers
12:15:23.936 AVAST engine scan C:\Users\User
12:44:17.875 AVAST engine scan C:\ProgramData
12:51:40.794 Scan finished successfully
12:52:43.328 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
12:52:43.421 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

And the OTL log:

OTL logfile created on: 18/11/2011 1:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.38% Memory free
3.97 Gb Paging File | 2.43 Gb Available in Paging File | 61.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.60 Gb Total Space | 38.17 Gb Free Space | 28.57% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 12:53:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/10/28 22:33:08 | 003,292,248 | ---- | M] () -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/04 03:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/21 23:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/10 07:14:00 | 000,275,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\RMTray.exe
PRC - [2008/12/09 03:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/02/12 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/28 22:33:08 | 003,292,248 | ---- | M] () -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
MOD - [2011/02/08 15:42:14 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/17 16:54:19 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/21 23:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/29 23:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/02/12 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 17:33:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111007.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/13 01:54:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/13 01:54:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/04 03:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 03:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 03:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 03:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 03:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 03:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/02/03 12:52:26 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/21 23:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/21 23:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/21 23:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/21 23:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/21 23:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/21 23:28:17 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/21 23:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/21 07:53:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 11:11:17 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/19 20:37:06 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/04/17 23:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/14 18:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/03/03 18:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 10:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/16 15:36:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 16:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/04/09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 70 9A 69 64 A2 CC 01 [binary data]
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca...en-US:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.wicso.com...ls=9LRXRl3W&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 18:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/14 07:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 08:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 09:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 09:02:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 18:40:55 | 000,000,000 | ---D | M]

[2009/06/09 16:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/09 15:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/09/06 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions
[2009/09/02 14:17:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 14:14:58 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/08/22 18:41:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/16 20:37:17 | 000,000,000 | ---D | M] (Personas) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\[email protected]
[2011/10/01 08:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions
[2010/05/12 17:29:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/01 08:10:51 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/12 14:53:53 | 000,000,000 | ---D | M] ("SealWeb Launcher") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{d2d536a0-b6fc-11d5-9d10-0060b0fbd8ac}
[2011/05/10 12:27:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\[email protected]
[2011/03/31 14:00:30 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\[email protected]
[2009/08/23 07:48:24 | 000,000,682 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\ask.xml
[2009/10/03 19:45:44 | 000,002,163 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\bing.xml
[2011/03/04 12:30:03 | 000,002,197 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\google-search.xml
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 16:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/14 07:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/10/14 07:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
File not found (No name found) -- C:\USERS\USER\PROGRAM FILES\DNA
[2011/09/30 19:44:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/19 16:29:47 | 000,024,684 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2011/09/30 19:44:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/01/05 11:29:01 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/10 08:10:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\User\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_RatchetClank_v2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3\
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe ()
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - ?p=ZCfox000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A7973F-7293-470D-84C9-27FB90201A74}: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96708076-C1EE-4708-9E68-B5808BF4EE6F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa1ef27b-534c-11de-bd41-00238b594df1}\Shell\AutoRun\command - "" = E:\ConnectProSST.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 17:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 17:52:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/17 17:50:11 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\Documents\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Documents\Mabinogi
[2011/11/16 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/16 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/16 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/16 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/11/12 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/11/12 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/03 17:05:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Akamai
[2011/11/01 17:46:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Pokemon Online
[2011/11/01 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
[6 C:\Users\User\Desktop\Documents\*.tmp files -> C:\Users\User\Desktop\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/18 13:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000UA.job
[2011/11/18 12:52:43 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2011/11/18 12:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 12:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 08:50:01 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegistryReviver-User-Startup.job
[2011/11/18 08:48:58 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-User-Startup.job
[2011/11/18 08:46:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 08:46:34 | 2005,782,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 19:09:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000Core.job
[2011/11/17 17:52:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:51:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\Documents\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:46:17 | 001,545,858 | ---- | M] () -- C:\Users\User\Desktop\Documents\tdsskiller.zip
[2011/11/16 19:36:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/16 19:36:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/16 19:28:53 | 000,001,806 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/16 18:55:55 | 000,001,050 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/16 18:55:55 | 000,001,026 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/16 18:45:31 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/16 18:45:01 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/11/16 18:44:56 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/16 17:39:27 | 000,002,048 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011/11/16 17:39:27 | 000,002,010 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/13 09:24:19 | 287,663,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/13 09:14:18 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 09:14:18 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 09:11:48 | 000,026,624 | ---- | M] () -- C:\Users\User\Desktop\Documents\essay 347.wps
[2011/11/08 09:11:48 | 000,009,158 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2011/11/08 09:06:25 | 000,022,016 | ---- | M] () -- C:\Users\User\Desktop\Documents\essay outline.wps
[2011/11/07 20:18:40 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/06 18:55:44 | 000,016,665 | ---- | M] () -- C:\Users\User\Desktop\Documents\316823_2453226181065_1564366965_32448873_739236530_n.jpg
[2011/11/03 17:27:43 | 000,118,893 | ---- | M] () -- C:\Users\User\Desktop\Documents\slenderman.png
[2011/11/03 17:18:37 | 000,016,433 | ---- | M] () -- C:\Users\User\Desktop\Documents\2mwrok.jpg
[2011/11/03 17:16:26 | 000,021,181 | ---- | M] () -- C:\Users\User\Desktop\Documents\o6Ycq.jpg
[2011/11/01 18:32:30 | 000,057,684 | ---- | M] () -- C:\Users\User\Desktop\Documents\46646533165365e5.jpg
[2011/11/01 18:29:37 | 000,115,379 | ---- | M] () -- C:\Users\User\Desktop\Documents\heQqu.jpg
[2011/11/01 17:51:24 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2011/10/25 07:07:12 | 000,030,208 | ---- | M] () -- C:\Users\User\Desktop\Documents\Women and words Les femme et les motes conference mapping.wps
[6 C:\Users\User\Desktop\Documents\*.tmp files -> C:\Users\User\Desktop\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 12:52:43 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2011/11/18 08:46:34 | 2005,782,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/17 17:52:13 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:45:11 | 001,545,858 | ---- | C] () -- C:\Users\User\Desktop\Documents\tdsskiller.zip
[2011/11/16 19:36:02 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/11/16 19:36:02 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/16 19:28:47 | 000,001,806 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/16 18:55:55 | 000,001,050 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/16 18:55:55 | 000,001,026 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/16 18:45:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/08 09:06:25 | 000,022,016 | ---- | C] () -- C:\Users\User\Desktop\Documents\essay outline.wps
[2011/11/08 07:23:11 | 000,026,624 | ---- | C] () -- C:\Users\User\Desktop\Documents\essay 347.wps
[2011/11/07 20:18:40 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/06 18:55:43 | 000,016,665 | ---- | C] () -- C:\Users\User\Desktop\Documents\316823_2453226181065_1564366965_32448873_739236530_n.jpg
[2011/11/03 17:27:31 | 000,118,893 | ---- | C] () -- C:\Users\User\Desktop\Documents\slenderman.png
[2011/11/03 17:18:34 | 000,016,433 | ---- | C] () -- C:\Users\User\Desktop\Documents\2mwrok.jpg
[2011/11/03 17:16:25 | 000,021,181 | ---- | C] () -- C:\Users\User\Desktop\Documents\o6Ycq.jpg
[2011/11/01 18:32:26 | 000,057,684 | ---- | C] () -- C:\Users\User\Desktop\Documents\46646533165365e5.jpg
[2011/11/01 18:29:21 | 000,115,379 | ---- | C] () -- C:\Users\User\Desktop\Documents\heQqu.jpg
[2011/11/01 17:16:18 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2011/10/24 16:19:11 | 000,030,208 | ---- | C] () -- C:\Users\User\Desktop\Documents\Women and words Les femme et les motes conference mapping.wps
[2011/10/07 09:37:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/07 09:37:23 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/03/07 21:19:19 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/04 21:28:21 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/01/28 12:18:07 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/10/27 16:08:01 | 000,001,940 | ---- | C] () -- C:\Users\User\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/06 18:36:36 | 000,000,043 | ---- | C] () -- C:\Users\User\AppData\Roaming\AVSMediaPlayer.m3u
[2010/01/07 18:40:31 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/08 16:01:08 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Local\rx_image.Cache
[2009/12/08 16:01:07 | 000,002,108 | ---- | C] () -- C:\Users\User\AppData\Local\rx_audio.Cache
[2009/12/03 22:06:33 | 000,077,350 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/11/11 23:04:59 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2009/10/30 07:23:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/30 07:22:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 18:33:30 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/05 15:02:03 | 000,157,514 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/07/05 15:02:03 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/06/24 09:26:37 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2009/06/16 16:23:40 | 000,026,624 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/12 08:37:44 | 000,009,158 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2009/06/09 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/09 15:29:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/07 08:46:48 | 000,157,373 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/06/07 07:44:01 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/07 02:00:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/06 17:42:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/06/06 17:42:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/06/06 17:42:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/06/06 17:42:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/06/06 17:42:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/06/06 17:42:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/06/06 17:39:24 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/06 17:39:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/06 17:39:24 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/06 17:39:24 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/06/25 21:44:06 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/25 21:44:05 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/25 21:44:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/25 21:44:04 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/25 21:44:03 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/04/30 18:47:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/30 12:36:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/12 16:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,384,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,609,640 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,108,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/05/24 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011/10/28 20:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2010/06/11 12:35:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Facebook
[2009/09/27 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2011/09/19 08:57:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
[2010/01/01 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUJIFILM
[2009/10/04 06:59:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2010/10/29 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2010/09/19 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/11/01 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Pokemon Online
[2011/11/17 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Raptr
[2009/11/21 13:04:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2011/11/14 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011/11/16 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2009/06/12 08:37:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2009/06/08 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Toshiba
[2010/10/10 09:59:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2011/04/22 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/02/13 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/10/10 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2011/11/18 08:48:58 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-User-Startup.job
[2011/11/18 08:50:01 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegistryReviver-User-Startup.job
[2011/11/18 07:25:17 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 18:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 18:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D287FACF

< End of report >

And the Extras Log:

OTL Extras logfile created on: 18/11/2011 1:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.38% Memory free
3.97 Gb Paging File | 2.43 Gb Available in Paging File | 61.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.60 Gb Total Space | 38.17 Gb Free Space | 28.57% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0966BCF4-8DA5-4516-8DBC-8C4B42B8E234}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AFF8EBB-343D-478C-9197-C6A626236116}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3E517785-DDC9-4286-971B-AF0C79F2E0D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7BE9B5E3-5E66-4CCD-B152-9B9B6E5EFB02}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B64CBA10-1198-49D1-B086-83DAD51D6BF5}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{B985B210-EE68-4A14-9551-34E2864259B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D22BE372-703C-4133-A4FC-F7E3695DAAC5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0472FC46-C5AA-47DE-800E-53D7819F4C77}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{0812920D-D02B-4FBA-9968-FD1E07B4ED5A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{0A544FC0-C36D-4BC7-97C6-AF5A76742D39}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0D36ECF6-6D30-43FC-AA62-95CC24D65D7E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F97C849-DA0F-444D-9670-8A6F264E7235}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{264C7DDC-92F9-432A-A4A6-09AA7E1338B4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FD171EC-FAFB-45A9-85C8-5B536C547D86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{310E0EA4-B9A1-4985-BDD3-E293303FDCF0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{34E4613A-3AB7-4314-8508-DF60C23C81D8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3F9B6328-8608-4F92-A68C-C24A330C87B6}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{448A716B-2C82-4950-8A6E-61BB50E5D8E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{4FD5DB4A-BE2F-4923-8785-D1DE39BA8EF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{525080B1-7FAF-41D3-ABC3-69BC4C72FD4C}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5FE0E503-6BEC-4980-982D-370A633D5E62}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{62985B72-798A-4B7B-97B2-752BBB6633A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{62A7F92D-5EB5-4AFE-AAD9-94BD5E131FFE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{63037855-B3D1-4DAF-BEAA-176A72E88FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{639544D7-9A49-41D5-B89E-A69A0AA94830}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{63C85639-6301-4F32-8DC5-F8D191B67F0C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69847134-A21D-4C82-BE14-A4D0AFF469B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{70E7CD20-B4E9-4EA8-BA0A-F1DF5497F3A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{782878DC-44C3-4A35-88D5-5C8A20EF2F9C}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7E1C2DC7-BAF6-428B-9175-EBE190BBC091}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{ABAFD25E-C73C-49DA-AB49-123094DCD3E5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8762FCF-472B-4D21-ADD4-EE2398CCFE18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{BBC2165C-23F8-49C2-BF2C-B19F4E078EF6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BEF4E954-5A04-43D9-A07D-2E500CF0992E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C44B5A09-8781-4216-B36C-6F3B03D04DDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{CCC83F10-3667-42C9-9FF8-8AB779E4322E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CE555720-4121-4C56-9B79-26CFD1A508C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1F3C3A7-8304-41AD-A561-E8F5C152AA88}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D2FBDCA3-30CF-4C17-AC83-59C390992316}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E27A881A-D88E-434D-861D-25E2BE3C7387}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EEA1B319-8A6E-4156-82F2-0FA7EBF452E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F21A4869-7B28-4A01-B99D-4EAF1F8A2449}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F926D349-DC95-4DCF-8B0A-43E75EA27ED3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0B82AE01-DD95-4DEB-82DB-EE8FB0441E8E}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"TCP Query User{38E16134-18FA-443F-8D8F-DB5378A6AC1E}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"UDP Query User{BBED1C8E-B08C-4083-865E-36EF6E139177}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"UDP Query User{DDFED34B-66CC-468B-9DC3-4544D556FD48}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dream Of Mirror Online" = Dream Of Mirror Online
"Gadwin PrintScreen" = Gadwin PrintScreen
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnlinePlay" = OnlinePlay 1.0
"Picasa2" = Picasa 2
"RegistryReviver" = RegistryReviver
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 6 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2011 12:25:00 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/01/2011 12:27:50 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =

Error - 24/01/2011 12:28:11 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =

Error - 24/01/2011 12:32:51 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =

Error - 24/01/2011 12:32:57 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application BbDevMgr.exe, version 4.0.1.3, time stamp 0x476be204,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00041bb8, process id 0x14d4, application start time
0x01cbbbe392d4e674.

Error - 24/01/2011 4:59:20 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application wkswp.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x440, application start time 0x01cbbbe756b9acd4.

Error - 24/01/2011 6:58:05 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 25/01/2011 1:51:18 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x2874, application start time 0x01cbbc53d33c6850.

Error - 25/01/2011 2:55:40 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, time
stamp 0x4cf928fc, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0x29a8,
application start time 0x01cbbc457a41a980.

Error - 25/01/2011 12:15:07 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 18/11/2011 11:27:08 AM | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 18/11/2011 11:27:16 AM | Computer Name = User-PC | Source = DCOM | ID = 10005
Description =

Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18/11/2011 12:46:31 PM | Computer Name = User-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 18/11/2011 12:46:31 PM | Computer Name = User-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 18/11/2011 12:47:27 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 18/11/2011 12:48:53 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18/11/2011 12:48:54 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Edited by MissSashy, 18 November 2011 - 03:59 PM.

#4
Essexboy

Posted 18 November 2011 - 04:09 PM

GeekU Moderator

Retired Staff
69,964 posts

OK then first thing we need to do is reduce the number of antivirus programmes to one as opposed to three

I will give you the links for all three uninstall tools and you can chose which two to uninstall

Norton
McAfee
Avast

ONCE DONE

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
MissSashy

Posted 18 November 2011 - 04:14 PM

New Member

Topic Starter
Member
5 posts

Okay, I want to uninstall Mcafee and Norton (Norton is expired anyway lol). Then I'll do the other stuff you tell me to do! Thank you for helping me

#6
Essexboy

Posted 18 November 2011 - 04:22 PM

GeekU Moderator

Retired Staff
69,964 posts

No problem, as you are keeping Avast when you run combofix the autosandbox will pop up select run normally in the drop down

[attachment=53721:Untitled.png]

#7
MissSashy

Posted 18 November 2011 - 05:19 PM

New Member

Topic Starter
Member
5 posts

That took a really long time! I had to restart a couple times and run the norton uninstall in safemode. But, here is the log.

ComboFix 11-11-18.02 - User 18/11/2011 14:56:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1912.861 [GMT -8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\Desktop\Documents\~WRL0003.tmp
c:\users\User\Desktop\Documents\~WRL0004.tmp
c:\users\User\Desktop\Documents\~WRL0005.tmp
c:\users\User\Desktop\Documents\~WRL1727.tmp
c:\users\User\Desktop\Documents\~WRL2157.tmp
c:\users\User\Desktop\Documents\~WRL2466.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 23:11 . 2011-11-18 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 04:52 . 2011-11-18 04:52 0 ----a-w- c:\windows\system32\sho51C6.tmp
2011-11-18 01:52 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:55 . 2011-11-17 03:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-17 02:55 . 2011-11-17 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-17 02:24 . 2011-11-17 02:24 -------- d-----w- c:\users\User\AppData\Roaming\TeamViewer
2011-11-14 00:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-13 17:35 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-13 17:35 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 03:08 . 2011-11-13 03:08 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-11-13 03:08 . 2011-11-13 03:08 -------- d-----w- c:\programdata\Malwarebytes
2011-11-13 03:08 . 2011-11-18 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 01:05 . 2011-11-04 01:06 -------- d-----w- c:\users\User\AppData\Local\Akamai
2011-11-02 01:46 . 2011-11-02 01:46 -------- d-----w- c:\users\User\AppData\Roaming\Pokemon Online
2011-10-26 14:42 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-14 14:44 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:06 . 2011-10-14 14:44 916480 ----a-w- c:\windows\system32\wininet(835).dll
2011-09-30 23:06 . 2011-10-14 14:44 1212416 ----a-w- c:\windows\system32\urlmon(831).dll
2011-09-30 23:02 . 2011-10-16 00:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-16 00:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-16 00:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-16 00:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-14 14:44 2000384 ----a-w- c:\windows\system32\iertutil(800).dll
2011-09-30 22:07 . 2011-10-16 00:41 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-16 00:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-16 00:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-16 00:41 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-16 00:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 14:39 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-14 14:39 563712 ----a-w- c:\windows\system32\oleaut32(822).dll
2011-08-25 16:14 . 2011-10-14 14:39 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-14 14:39 238080 ----a-w- c:\windows\system32\oleacc(820).dll
2011-08-25 13:31 . 2011-10-14 14:39 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-14 14:39 4096 ----a-w- c:\windows\system32\oleaccrc(821).dll
2011-10-01 03:44 . 2011-05-04 06:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-14 02:10 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-14 2734688]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 430080]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-19 15146376]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2011-10-29 3292248]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-07 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 430080]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 20:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 17:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDMICtrlMan]
2008-04-26 22:57 716800 ----a-w- c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-11-30 01:58 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 20:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-10 8192]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 18:44]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 18:44]
.
2011-11-18 c:\windows\Tasks\Registry Reviver-User-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-11-01 18:24]
.
2011-11-18 c:\windows\Tasks\RegistryReviver-User-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-11-01 18:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.shoptoshiba.ca/welcome
TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4evzi3oj.Default User\
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9LRXRl3W&q=
FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9LRXRl3W&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 15:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-18 15:17:03
ComboFix-quarantined-files.txt 2011-11-18 23:16
.
Pre-Run: 43,497,852,928 bytes free
Post-Run: 43,714,551,808 bytes free
.
- - End Of File - - A79BC6C76F28E2181A372EEC6B011011

#8
MissSashy

Posted 18 November 2011 - 05:21 PM

New Member

Topic Starter
Member
5 posts

IT'S FIXED!!!! MY COMPUTER IS COMPLETELY FIXED! i CAN LOG INTO EVERYTHING AGAIN! Thank you sooo much! I'm dancing around right now haha THANK YOUUUUUUUUUUU!!! :DDD

#9
Essexboy

Posted 19 November 2011 - 04:37 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets now check for orphans and confirm that all necessary windows elements work

Run Malwarebytes

.

Update Malwarebytes' Anti-Malware .
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

THEN

Run windows updates and confirm that it works

#10
Essexboy

Posted 23 November 2011 - 03:24 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.