Cursor Mystery - unknown virus



#1
EricShrode

I have a problem with my cursor - it will move just fine and will highlight and allow me to click on some items, but not all - especially on a web page. For example - I can scroll down by placing the cursor on the down arrow but I cannot scroll back up. I can click on some topics on a news page but not others, I can click on some boxes in a system control box but not others, I can move the cursor in a document (like this one) to some places to make a correction but not others, etc. Then at times the screen freezes and nothing will get it working - not even ctrl-alt-del. Task manager just freezes also - I have to restart. I have done a hard restart and I have run Norton 360 and Malwarebytes with no problems found.

I have attached the OTL notepad file and the OTL Extras notepad file.

Hope you can help - it drives both my wife and me nuts.

Eric

OTL logfile created on: 12/13/2011 5:50:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric Shrode\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 38.68% Memory free
8.15 Gb Paging File | 5.82 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 114.76 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive E: | 3.69 Gb Total Space | 0.10 Gb Free Space | 2.73% Space Free | Partition Type: FAT32

Computer Name: ERICSHRODE-PC | User Name: Eric Shrode | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 17:29:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric Shrode\Downloads\OTL.exe
PRC - [2011/11/09 18:34:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/22 05:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/10/27 11:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/30 01:27:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Eric Shrode\Desktop\HiJackThis.exe
PRC - [2010/03/18 02:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/21 01:19:28 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2008/09/12 06:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 06:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/14 12:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 20:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/10/23 17:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/06/15 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 14:17:00 | 000,076,800 | ---- | M] () -- C:\Users\Eric Shrode\AppData\Roaming\Mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCoreGecko8.dll
MOD - [2011/11/09 18:34:24 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 08:56:49 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/04 15:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/01/02 21:27:40 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/01/02 21:27:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 16:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 02:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/29 15:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 06:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/23 17:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 17:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 18:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/06/15 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 11:42:44 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/09 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,432,760 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/02/12 07:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)
DRV:64bit: - [2008/09/12 05:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/14 17:42:48 | 000,030,208 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 15:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/21 15:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/06 19:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/26 06:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/13 14:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/03/16 00:04:10 | 000,055,808 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mr7910.sys -- (mr7910)
DRV:64bit: - [2006/11/19 23:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 13:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV - [2011/12/09 16:53:28 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111212.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/09 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\EX64.SYS -- (NAVEX15)
DRV - [2011/12/09 01:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/09 01:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/09 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\ENG64.SYS -- (NAVENG)
DRV - [2011/11/23 23:08:44 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files (x86)\Babylon-English\prxtbBab0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=14542
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files (x86)\Babylon-English\prxtbBab0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eric Shrode\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 05:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/12/12 13:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6 [2011/12/13 15:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 18:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/11 10:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/13 09:02:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 05:08:43 | 000,000,000 | ---D | M]

[2008/12/17 00:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions
[2008/12/17 00:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/06/14 11:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/12 17:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions
[2010/10/25 23:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 17:49:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/27 10:02:52 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/12/05 08:37:41 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2011/03/30 03:27:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/08/31 13:47:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/11/09 18:34:31 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/11/09 18:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 18:34:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 19:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/17 01:33:40 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/03 09:06:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 18:34:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Miva)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files (x86)\Babylon-English\prxtbBab0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Miva)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files (x86)\Babylon-English\prxtbBab0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Babylon-EnglishBB Toolbar) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - C:\Program Files (x86)\Babylon-English\prxtbBab0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Memorex Button Manager] C:\Program Files\Memorex Button Manager\MmrBtnMgr.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Miro] C:\Program Files (x86)\Participatory Culture Foundation\Miro\Miro.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [yDecode] C:\Program Files (x86)\yDecode\yDecode.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: berlitzonline.com ([tmm] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.121.85.2 24.121.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF35070-730B-4FB9-A3CD-9F142D8B2CD7}: DhcpNameServer = 24.121.85.2 24.121.74.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15167e4a-6ab7-11de-a62e-001e333b0c38}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{470fa5eb-c24c-11de-bd76-001e333b0c38}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{4e490f20-03f3-11e1-ada0-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{4e490f20-03f3-11e1-ada0-001e333b0c38}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{73191364-37c9-11dd-82ba-001e333b0c38}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{7c9881fc-1c41-11dd-9e2e-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{7c9881fc-1c41-11dd-9e2e-001e333b0c38}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b7f3267-e51c-11e0-a530-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{8b7f3267-e51c-11e0-a530-001e333b0c38}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{954fcdf7-c999-11e0-8c9b-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{954fcdf7-c999-11e0-8c9b-001e333b0c38}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{954fcee9-c999-11e0-8c9b-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{954fcee9-c999-11e0-8c9b-001e333b0c38}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{d24c03e2-1b74-11dd-a468-001e333b0c38}\Shell - "" = AutoRun
O33 - MountPoints2\{d24c03e2-1b74-11dd-a468-001e333b0c38}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/13 16:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/10 12:03:57 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\Documents\Symantec
[2011/12/10 11:42:45 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/10 11:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/10 11:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/10 11:42:20 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2011/12/10 11:42:20 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2011/12/10 11:42:20 | 000,432,760 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/12/10 11:42:20 | 000,382,584 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/12/10 11:42:20 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/12/10 11:42:19 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/12/10 11:42:19 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2011/12/10 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/12/10 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/12/10 11:41:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/12/10 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/10 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/12/10 11:38:24 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/12/10 11:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/01 09:37:46 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\Documents\Drivers Licence Copies
[2011/11/20 04:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 17:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 17:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 17:21:43 | 000,002,571 | ---- | M] () -- C:\Users\Eric Shrode\Desktop\HiJackThis.lnk
[2011/12/13 16:47:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 15:43:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 15:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 12:49:06 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/11 12:49:06 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/11 12:49:06 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/11 10:24:01 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/10 11:43:48 | 003,002,974 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/12/10 11:42:44 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/10 11:42:44 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/10 11:42:44 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/10 11:42:33 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/10 11:38:24 | 000,000,859 | ---- | M] () -- C:\Users\Eric Shrode\Desktop\Norton Installation Files.lnk
[2011/12/01 17:10:26 | 025,210,795 | ---- | M] () -- C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml
[2011/11/30 10:32:38 | 000,965,283 | ---- | M] () -- C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml
[2011/11/20 04:49:55 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/20 04:48:05 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 16:56:58 | 000,002,571 | ---- | C] () -- C:\Users\Eric Shrode\Desktop\HiJackThis.lnk
[2011/12/11 10:24:01 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/11 10:24:01 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/10 11:42:53 | 003,002,974 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/12/10 11:42:45 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/10 11:42:45 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/10 11:42:33 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/10 11:42:20 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2011/12/10 11:41:59 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2011/12/10 11:41:59 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2011/12/10 11:41:59 | 000,001,474 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNetV.inf
[2011/12/10 11:41:59 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2011/12/10 11:41:59 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/12/10 11:41:59 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/12/10 11:41:59 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2011/12/10 11:41:56 | 000,007,877 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/12/10 11:41:56 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/12/10 11:41:56 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/12/10 11:41:56 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2011/12/10 11:41:56 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/12/10 11:41:56 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/12/10 11:41:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/12/10 11:38:24 | 000,000,859 | ---- | C] () -- C:\Users\Eric Shrode\Desktop\Norton Installation Files.lnk
[2011/12/01 17:10:11 | 025,210,795 | ---- | C] () -- C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml
[2011/11/30 10:32:37 | 000,965,283 | ---- | C] () -- C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml
[2011/11/20 04:49:55 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/10/31 11:47:40 | 000,178,749 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/02/26 00:34:27 | 000,000,732 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\d3d9caps64.dat
[2011/01/13 04:00:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/06 00:25:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/08/30 08:20:30 | 000,000,680 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\d3d9caps.dat
[2010/07/22 22:50:06 | 000,175,859 | ---- | C] () -- C:\Windows\hpoins42.dat
[2010/07/22 22:50:06 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat
[2010/06/29 05:08:27 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/10 21:30:36 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/04/26 23:30:03 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/04/26 23:30:03 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/04/26 23:30:03 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/04/26 23:30:03 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/04/26 23:30:03 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/04/26 23:30:03 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/04/26 23:30:03 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/04/26 23:30:03 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/04/26 23:30:03 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/04/26 23:30:03 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/04/26 23:30:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/04/26 23:30:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/04/26 23:30:03 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/04/26 23:30:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/04/26 23:30:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/04/26 23:30:03 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/04/26 23:30:03 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/04/26 23:30:03 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/04/26 23:30:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/11 02:53:53 | 000,031,049 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Roaming\UserTile.png
[2009/09/23 22:23:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 22:22:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 22:21:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/11 01:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2008/12/11 01:51:54 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/07 02:02:49 | 000,231,420 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2008/11/07 02:02:49 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2008/11/05 00:43:29 | 000,012,097 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2008/09/02 03:00:44 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/05/26 16:09:31 | 000,002,975 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/07 18:29:43 | 000,019,456 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/05 08:34:27 | 000,149,023 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/05/04 18:47:46 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/03/14 17:40:20 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/03/14 17:40:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/03/14 17:40:20 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/03/11 17:05:49 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.EXE
[2008/02/15 04:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/15 03:19:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/02/15 03:19:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/02/15 03:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/02/15 03:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/02/15 03:19:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/02/15 03:19:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/02/15 01:52:35 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/08 05:42:32 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/09/13 14:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007/09/13 14:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2007/03/13 13:02:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2010/03/29 05:29:07 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Amazon
[2009/01/07 10:18:40 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/01 04:11:25 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\ESET
[2010/03/05 01:44:11 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Facebook
[2011/01/13 03:52:07 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\GetRightToGo
[2008/05/26 16:21:02 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Image Zone Express
[2008/12/17 00:16:55 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Participatory Culture Foundation
[2010/02/03 05:22:44 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\PCF-VLC
[2008/05/26 16:21:02 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Printer Info Cache
[2008/06/07 08:55:38 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Skinux
[2011/10/27 10:08:19 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Sling Media
[2008/06/14 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\TomTom
[2009/03/08 04:17:24 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\TOSHIBA
[2008/09/21 08:27:33 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\Ulead Systems
[2008/05/06 13:24:41 | 000,000,000 | ---D | M] -- C:\Users\Eric Shrode\AppData\Roaming\WinBatch
[2011/12/12 13:16:48 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 933 bytes -> C:\Users\Eric Shrode\Documents\Ihre Konzertkartenbestellung vom 27_10_2010.eml:OECustomProperty
@Alternate Data Stream - 856 bytes -> C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml:OECustomProperty
@Alternate Data Stream - 789 bytes -> C:\Users\Eric Shrode\Documents\Pop can heat.eml:OECustomProperty
@Alternate Data Stream - 749 bytes -> C:\Users\Eric Shrode\Documents\Re_ F25 Message Received.eml:OECustomProperty
@Alternate Data Stream - 715 bytes -> C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml:OECustomProperty
@Alternate Data Stream - 700 bytes -> C:\Users\Eric Shrode\Documents\Financial Help.eml:OECustomProperty
@Alternate Data Stream - 2080 bytes -> C:\Users\Eric Shrode\Documents\Update vom Deutschland.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:33FF2C1A

< End of report >


Attached File  OTL.Txt   104.7KB   92 downloads

Attached File  Extras.Txt   75.01KB   87 downloads

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You have two anti-virus programs running: ESET and Norton. Uninstall one of them.

Also uninstall as many of these as you can find:
Yahoo! Toolbar
Conduit Engine
Babylon Toolbar
myBabylon English Toolbar
Babylon-English Toolbar
ALOT Toolbar
Java™ 6 Update 24 (64-bit) Your Java is out of date. Get the latest at Java.com
Java™ 6 Update 26
Java™ 6 Update 3
Adobe Flash Player 10 ActiveX Out of date. Get the latest at adobe.com


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
EricShrode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ron, thanks for your reply - just now found it - no notification via email and was out of state for holidays. Will follow your instructions and repost.

Eric

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
No problem but go into your forum profile and check that the email address is correct. Then check your spam filter.

#5
EricShrode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I followed your instructions with the following results:

Found and uninstalled all programs mentioned except Conduit Engine.

Report from ComboFix follows:
ComboFix 11-12-28.03 - Eric Shrode 12/28/2011 16:21:14.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2197 [GMT -7:00]
Running from: c:\users\Eric Shrode\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TelevisionFanaticEI
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-28 23:36 . 2011-12-28 23:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39F60D36-AF4F-4716-BCD0-787EF14E2302}\offreg.dll
2011-12-27 18:39 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39F60D36-AF4F-4716-BCD0-787EF14E2302}\mpengine.dll
2011-12-15 16:57 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 16:57 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:57 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 16:57 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:57 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 16:57 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:57 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 16:57 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-13 23:56 . 2011-12-13 23:56 388096 ----a-r- c:\users\Eric Shrode\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 23:56 . 2011-12-13 23:56 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-10 18:42 . 2011-07-06 19:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-10 18:42 . 2011-12-10 18:42 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 18:42 . 2011-12-10 18:42 -------- d-----w- c:\program files\Symantec
2011-12-10 18:42 . 2011-12-10 18:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-10 18:41 . 2011-12-10 18:41 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-12-10 18:41 . 2011-12-10 18:41 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-12-10 18:38 . 2011-12-10 19:03 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 15:56 . 2011-06-11 05:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 22:03 1780248 ----a-w- c:\program files (x86)\myBabylon_English\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files (x86)\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"Symantec PIF AlertEng"="c:\program files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-24 1156216]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvia64.sys [2011-12-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-09 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 16:16]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 16:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 187928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 155672]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-30 5682688]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pageset.com/?dm=Yahoo.com&askid=0000YHOO-ps_gse&qsrc=121&o=2550&q=Yahoo!&l=dir
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: berlitzonline.com\tmm
TCP: DhcpNameServer = 24.121.85.2 24.121.74.2
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eric Shrode\AppData\Roaming\Mozilla\Firefox\Profiles\wxk3tk2l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file)
Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-Memorex Button Manager - c:\program files\Memorex Button Manager\MmrBtnMgr.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-AuralogComponentsUninstall9.exe - c:\windows\system32\\Auralog\tmm\Uninstall\AuralogComponentsUninstall9.exe
AddRemove-MemorexButtonManager - c:\program files\Memorex Button Manager\Memorex HDD Button Uninstall.exe
AddRemove-Amazon Kindle For PC - c:\users\Eric Shrode\AppData\Local\Amazon\Kindle For PC\application\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-12-29 13:48:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 20:48
.
Pre-Run: 126,955,290,624 bytes free
Post-Run: 131,226,628,096 bytes free
.
- - End Of File - - EA1727B74B250B7415C494A91FF4F1DF

Report from TDSSKiller follows:

14:41:59.0958 2712 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:42:00.0626 2712 ============================================================
14:42:00.0626 2712 Current date / time: 2011/12/29 14:42:00.0626
14:42:00.0627 2712 SystemInfo:
14:42:00.0627 2712
14:42:00.0627 2712 OS Version: 6.0.6002 ServicePack: 2.0
14:42:00.0627 2712 Product type: Workstation
14:42:00.0627 2712 ComputerName: ERICSHRODE-PC
14:42:00.0627 2712 UserName: Eric Shrode
14:42:00.0627 2712 Windows directory: C:\Windows
14:42:00.0628 2712 System windows directory: C:\Windows
14:42:00.0628 2712 Running under WOW64
14:42:00.0628 2712 Processor architecture: Intel x64
14:42:00.0628 2712 Number of processors: 2
14:42:00.0628 2712 Page size: 0x1000
14:42:00.0628 2712 Boot type: Normal boot
14:42:00.0628 2712 ============================================================
14:42:01.0259 2712 Initialize success
14:43:00.0670 2272 ============================================================
14:43:00.0670 2272 Scan started
14:43:00.0670 2272 Mode: Manual;
14:43:00.0670 2272 ============================================================
14:43:01.0497 2272 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:43:01.0528 2272 ACPI - ok
14:43:01.0731 2272 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:43:01.0746 2272 adp94xx - ok
14:43:01.0918 2272 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:43:01.0933 2272 adpahci - ok
14:43:02.0043 2272 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:43:02.0043 2272 adpu160m - ok
14:43:02.0245 2272 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:43:02.0245 2272 adpu320 - ok
14:43:02.0495 2272 AegisP (8dfc8e5a84be243b2bd1bfa0465aa5f2) C:\Windows\system32\DRIVERS\AegisP.sys
14:43:02.0495 2272 AegisP - ok
14:43:02.0635 2272 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
14:43:02.0682 2272 AFD - ok
14:43:02.0901 2272 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
14:43:02.0932 2272 AgereSoftModem - ok
14:43:03.0072 2272 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:43:03.0088 2272 agp440 - ok
14:43:03.0384 2272 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:43:03.0384 2272 aic78xx - ok
14:43:03.0540 2272 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:43:03.0540 2272 aliide - ok
14:43:03.0634 2272 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:43:03.0634 2272 amdide - ok
14:43:03.0712 2272 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:43:03.0727 2272 AmdK8 - ok
14:43:03.0883 2272 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:43:03.0899 2272 arc - ok
14:43:03.0977 2272 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:43:03.0977 2272 arcsas - ok
14:43:04.0086 2272 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:04.0086 2272 AsyncMac - ok
14:43:04.0133 2272 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:43:04.0133 2272 atapi - ok
14:43:04.0258 2272 Beep - ok
14:43:04.0461 2272 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx64.sys
14:43:04.0476 2272 BHDrvx64 - ok
14:43:04.0601 2272 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:43:04.0617 2272 blbdrive - ok
14:43:04.0773 2272 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:43:04.0773 2272 bowser - ok
14:43:04.0851 2272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:43:04.0851 2272 BrFiltLo - ok
14:43:04.0975 2272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:43:04.0975 2272 BrFiltUp - ok
14:43:05.0100 2272 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:43:05.0100 2272 Brserid - ok
14:43:05.0209 2272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:43:05.0209 2272 BrSerWdm - ok
14:43:05.0256 2272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:43:05.0272 2272 BrUsbMdm - ok
14:43:05.0428 2272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:43:05.0443 2272 BrUsbSer - ok
14:43:05.0553 2272 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:43:05.0553 2272 BTHMODEM - ok
14:43:05.0584 2272 catchme - ok
14:43:05.0709 2272 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:43:05.0709 2272 cdfs - ok
14:43:05.0927 2272 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:43:05.0927 2272 cdrom - ok
14:43:06.0067 2272 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:43:06.0067 2272 circlass - ok
14:43:06.0379 2272 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:43:06.0395 2272 CLFS - ok
14:43:06.0567 2272 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
14:43:06.0567 2272 CmBatt - ok
14:43:06.0613 2272 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:43:06.0613 2272 cmdide - ok
14:43:06.0707 2272 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
14:43:06.0707 2272 Compbatt - ok
14:43:06.0832 2272 cpuz132 - ok
14:43:06.0972 2272 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:43:06.0972 2272 crcdisk - ok
14:43:07.0175 2272 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:43:07.0191 2272 DfsC - ok
14:43:07.0456 2272 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:43:07.0456 2272 disk - ok
14:43:07.0581 2272 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
14:43:07.0581 2272 Dot4 - ok
14:43:07.0752 2272 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:43:07.0752 2272 Dot4Print - ok
14:43:07.0799 2272 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
14:43:07.0799 2272 dot4usb - ok
14:43:07.0908 2272 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:43:07.0908 2272 drmkaud - ok
14:43:08.0002 2272 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:43:08.0017 2272 DXGKrnl - ok
14:43:08.0127 2272 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:43:08.0127 2272 E1G60 - ok
14:43:08.0267 2272 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:43:08.0283 2272 Ecache - ok
14:43:08.0361 2272 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:43:08.0407 2272 eeCtrl - ok
14:43:08.0563 2272 ElRawDisk (4778eeecb75c6fb419745beed3530b9d) C:\Windows\system32\drivers\dddskx64.sys
14:43:08.0563 2272 ElRawDisk - ok
14:43:08.0610 2272 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:43:08.0626 2272 elxstor - ok
14:43:08.0735 2272 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:43:08.0735 2272 EraserUtilRebootDrv - ok
14:43:08.0875 2272 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:43:08.0875 2272 ErrDev - ok
14:43:08.0969 2272 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:43:08.0985 2272 exfat - ok
14:43:09.0141 2272 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:43:09.0156 2272 fastfat - ok
14:43:09.0265 2272 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:43:09.0265 2272 fdc - ok
14:43:09.0359 2272 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:43:09.0359 2272 FileInfo - ok
14:43:09.0390 2272 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:43:09.0390 2272 Filetrace - ok
14:43:09.0437 2272 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:09.0437 2272 flpydisk - ok
14:43:09.0687 2272 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:43:09.0718 2272 FltMgr - ok
14:43:09.0843 2272 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
14:43:09.0843 2272 Fs_Rec - ok
14:43:09.0905 2272 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
14:43:09.0905 2272 FwLnk - ok
14:43:09.0967 2272 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:43:09.0967 2272 gagp30kx - ok
14:43:10.0139 2272 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:43:10.0139 2272 GEARAspiWDM - ok
14:43:10.0342 2272 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
14:43:10.0357 2272 HdAudAddService - ok
14:43:10.0420 2272 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:43:10.0451 2272 HDAudBus - ok
14:43:10.0529 2272 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:43:10.0529 2272 HidBth - ok
14:43:10.0560 2272 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:43:10.0560 2272 HidIr - ok
14:43:10.0701 2272 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:43:10.0701 2272 HidUsb - ok
14:43:10.0779 2272 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:43:10.0794 2272 HpCISSs - ok
14:43:10.0966 2272 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:43:10.0981 2272 HTTP - ok
14:43:11.0028 2272 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:43:11.0028 2272 i2omp - ok
14:43:11.0169 2272 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:43:11.0169 2272 i8042prt - ok
14:43:11.0247 2272 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
14:43:11.0247 2272 iaStor - ok
14:43:11.0340 2272 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:43:11.0340 2272 iaStorV - ok
14:43:11.0512 2272 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvia64.sys
14:43:11.0543 2272 IDSVia64 - ok
14:43:11.0855 2272 igfx (0c00f469ca113ec191e916d4590d68b6) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:43:11.0995 2272 igfx - ok
14:43:12.0105 2272 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:43:12.0105 2272 iirsp - ok
14:43:12.0245 2272 IntcAzAudAddService (f93149ce3e6a866c5f42878bcff34b6a) C:\Windows\system32\drivers\RTKVHD64.sys
14:43:12.0261 2272 IntcAzAudAddService - ok
14:43:12.0370 2272 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:43:12.0370 2272 intelide - ok
14:43:12.0401 2272 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:43:12.0401 2272 intelppm - ok
14:43:12.0526 2272 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:12.0526 2272 IpFilterDriver - ok
14:43:12.0573 2272 IpInIp - ok
14:43:12.0619 2272 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:43:12.0635 2272 IPMIDRV - ok
14:43:12.0666 2272 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:43:12.0682 2272 IPNAT - ok
14:43:12.0838 2272 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:43:12.0838 2272 IRENUM - ok
14:43:13.0056 2272 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:43:13.0056 2272 isapnp - ok
14:43:13.0290 2272 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:43:13.0321 2272 iScsiPrt - ok
14:43:13.0555 2272 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:43:13.0555 2272 iteatapi - ok
14:43:13.0727 2272 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:43:13.0727 2272 iteraid - ok
14:43:13.0789 2272 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:43:13.0789 2272 kbdclass - ok
14:43:13.0930 2272 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:13.0945 2272 kbdhid - ok
14:43:14.0086 2272 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
14:43:14.0086 2272 KR10I64 - ok
14:43:14.0195 2272 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
14:43:14.0211 2272 KR10N64 - ok
14:43:14.0382 2272 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
14:43:14.0445 2272 KSecDD - ok
14:43:14.0585 2272 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:43:14.0601 2272 ksthunk - ok
14:43:14.0757 2272 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:43:14.0757 2272 lltdio - ok
14:43:14.0803 2272 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:43:14.0803 2272 LSI_FC - ok
14:43:14.0959 2272 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:43:14.0959 2272 LSI_SAS - ok
14:43:15.0100 2272 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:43:15.0100 2272 LSI_SCSI - ok
14:43:15.0209 2272 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:43:15.0225 2272 luafv - ok
14:43:15.0318 2272 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:43:15.0334 2272 megasas - ok
14:43:15.0552 2272 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:43:15.0599 2272 MegaSR - ok
14:43:15.0739 2272 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:43:15.0755 2272 Modem - ok
14:43:15.0880 2272 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:43:15.0895 2272 monitor - ok
14:43:16.0036 2272 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:43:16.0051 2272 mouclass - ok
14:43:16.0192 2272 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:43:16.0192 2272 mouhid - ok
14:43:16.0395 2272 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:43:16.0410 2272 MountMgr - ok
14:43:16.0457 2272 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:43:16.0473 2272 mpio - ok
14:43:16.0551 2272 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:43:16.0582 2272 mpsdrv - ok
14:43:16.0675 2272 mr7910 (500aa519c22b9b039c4308267a002b06) C:\Windows\system32\DRIVERS\mr7910.sys
14:43:16.0675 2272 mr7910 - ok
14:43:16.0800 2272 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:43:16.0800 2272 Mraid35x - ok
14:43:16.0972 2272 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:43:17.0003 2272 MRxDAV - ok
14:43:17.0112 2272 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:17.0128 2272 mrxsmb - ok
14:43:17.0268 2272 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:17.0284 2272 mrxsmb10 - ok
14:43:17.0549 2272 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:17.0565 2272 mrxsmb20 - ok
14:43:17.0752 2272 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
14:43:17.0767 2272 msahci - ok
14:43:17.0877 2272 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:43:17.0877 2272 msdsm - ok
14:43:17.0923 2272 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:43:17.0923 2272 Msfs - ok
14:43:18.0048 2272 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:43:18.0048 2272 msisadrv - ok
14:43:18.0079 2272 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:43:18.0079 2272 MSKSSRV - ok
14:43:18.0126 2272 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:18.0126 2272 MSPCLOCK - ok
14:43:18.0251 2272 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:43:18.0251 2272 MSPQM - ok
14:43:18.0469 2272 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:43:18.0485 2272 MsRPC - ok
14:43:18.0594 2272 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:43:18.0594 2272 mssmbios - ok
14:43:18.0625 2272 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:43:18.0641 2272 MSTEE - ok
14:43:18.0797 2272 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:43:18.0797 2272 Mup - ok
14:43:18.0937 2272 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:43:18.0969 2272 NativeWifiP - ok
14:43:19.0218 2272 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.002\ENG64.SYS
14:43:19.0218 2272 NAVENG - ok
14:43:19.0686 2272 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.002\EX64.SYS
14:43:19.0905 2272 NAVEX15 - ok
14:43:20.0107 2272 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:43:20.0123 2272 NDIS - ok
14:43:20.0279 2272 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:20.0295 2272 NdisTapi - ok
14:43:20.0497 2272 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:20.0497 2272 Ndisuio - ok
14:43:20.0638 2272 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:20.0669 2272 NdisWan - ok
14:43:20.0778 2272 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:43:20.0794 2272 NDProxy - ok
14:43:20.0981 2272 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:43:20.0981 2272 NetBIOS - ok
14:43:21.0153 2272 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:43:21.0184 2272 netbt - ok
14:43:21.0433 2272 NETw4v64 (896df962e76276c17127fc17db3e916b) C:\Windows\system32\DRIVERS\NETw4v64.sys
14:43:21.0511 2272 NETw4v64 - ok
14:43:21.0730 2272 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:43:21.0730 2272 nfrd960 - ok
14:43:21.0870 2272 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:43:21.0870 2272 Npfs - ok
14:43:21.0917 2272 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:43:21.0917 2272 nsiproxy - ok
14:43:22.0151 2272 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:43:22.0167 2272 Ntfs - ok
14:43:22.0323 2272 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:43:22.0323 2272 Null - ok
14:43:22.0463 2272 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:43:22.0479 2272 nvraid - ok
14:43:22.0557 2272 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:43:22.0572 2272 nvstor - ok
14:43:22.0603 2272 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:43:22.0619 2272 nv_agp - ok
14:43:22.0635 2272 NwlnkFlt - ok
14:43:22.0650 2272 NwlnkFwd - ok
14:43:22.0806 2272 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
14:43:22.0822 2272 ohci1394 - ok
14:43:23.0040 2272 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:43:23.0040 2272 Parport - ok
14:43:23.0103 2272 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
14:43:23.0118 2272 partmgr - ok
14:43:23.0212 2272 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:43:23.0227 2272 pci - ok
14:43:23.0368 2272 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
14:43:23.0368 2272 pciide - ok
14:43:23.0571 2272 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:43:23.0586 2272 pcmcia - ok
14:43:23.0742 2272 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:43:23.0773 2272 PEAUTH - ok
14:43:24.0007 2272 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:43:24.0023 2272 PptpMiniport - ok
14:43:24.0226 2272 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:43:24.0226 2272 Processor - ok
14:43:24.0444 2272 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:43:24.0460 2272 PSched - ok
14:43:24.0772 2272 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:43:24.0803 2272 ql2300 - ok
14:43:24.0897 2272 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:43:24.0897 2272 ql40xx - ok
14:43:24.0943 2272 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:43:24.0943 2272 QWAVEdrv - ok
14:43:25.0287 2272 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:43:25.0287 2272 RasAcd - ok
14:43:25.0614 2272 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:25.0630 2272 Rasl2tp - ok
14:43:25.0801 2272 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:25.0817 2272 RasPppoe - ok
14:43:25.0895 2272 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:43:25.0911 2272 RasSstp - ok
14:43:26.0035 2272 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:43:26.0082 2272 rdbss - ok
14:43:26.0207 2272 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:26.0207 2272 RDPCDD - ok
14:43:26.0254 2272 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:43:26.0254 2272 rdpdr - ok
14:43:36.0160 2272 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:43:36.0222 2272 \Device\Harddisk0\DR0 - ok
14:43:36.0238 2272 Boot (0x1200) (3f449fb9f95ebe2bae6387361a927f9a) \Device\Harddisk0\DR0\Partition0
14:43:36.0238 2272 \Device\Harddisk0\DR0\Partition0 - ok
14:43:36.0238 2272 ============================================================
14:43:36.0238 2272 Scan finished
14:43:36.0238 2272 ============================================================
14:43:36.0316 3700 Detected object count: 0
14:43:36.0316 3700 Actual detected object count: 0
14:45:03.0114 4796 Deinitialize success

Report from aswMBR.exe follows:

Fix button was not enabled.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 14:46:49
-----------------------------
14:46:49.573 OS Version: Windows x64 6.0.6002 Service Pack 2
14:46:49.574 Number of processors: 2 586 0xF0D
14:46:49.575 ComputerName: ERICSHRODE-PC UserName: Eric Shrode
14:46:50.726 Initialize success
14:50:03.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:50:03.933 Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
14:50:03.942 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
14:50:03.946 Disk 1 Vendor: ( Size: 3781MB BusType: 12
14:50:04.011 Disk 0 MBR read successfully
14:50:04.016 Disk 0 MBR scan
14:50:04.021 Disk 0 Windows VISTA default MBR code
14:50:04.058 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:50:04.097 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 303736 MB offset 3074048
14:50:04.104 Service scanning
14:50:05.885 Modules scanning
14:50:05.892 Scan finished successfully
14:51:01.590 Disk 0 MBR has been saved successfully to "C:\Users\Eric Shrode\Desktop\MBR.dat"
14:51:01.591 The log file has been saved successfully to "C:\Users\Eric Shrode\Desktop\aswMBR.txt"


Report for Malwarebytes follows:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric Shrode :: ERICSHRODE-PC [administrator]

12/29/2011 3:01:59 PM
mbam-log-2011-12-29 (15-01-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206166
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Report for OTL follows:

OTL logfile created on: 12/29/2011 3:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric Shrode\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.12% Memory free
8.15 Gb Paging File | 6.06 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 121.56 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
Drive E: | 3.69 Gb Total Space | 0.10 Gb Free Space | 2.73% Space Free | Partition Type: FAT32

Computer Name: ERICSHRODE-PC | User Name: Eric Shrode | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 17:29:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric Shrode\Downloads\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/10/27 11:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 02:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/12 06:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 06:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/14 12:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/13 20:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/10/23 17:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/06/15 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 15:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/01/02 21:27:40 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/01/02 21:27:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 16:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 02:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/29 15:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 06:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/23 17:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 17:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 18:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/06/15 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 11:42:44 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/09 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,432,760 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/02/12 07:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)
DRV:64bit: - [2008/09/12 05:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/14 17:42:48 | 000,030,208 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 15:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/21 15:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/06 19:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/26 06:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/13 14:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/03/16 00:04:10 | 000,055,808 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mr7910.sys -- (mr7910)
DRV:64bit: - [2006/11/19 23:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 13:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV - [2011/12/09 16:53:28 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/09 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.002\EX64.SYS -- (NAVEX15)
DRV - [2011/12/09 01:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/09 01:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/09 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.002\ENG64.SYS -- (NAVENG)
DRV - [2011/11/23 23:08:44 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pageset.com/?dm=Yahoo.com&askid=0000YHOO-ps_gse&qsrc=121&o=2550&q=Yahoo!&l=dir
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eric Shrode\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 05:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/12/12 13:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2011/12/28 16:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 18:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/11 10:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 05:08:43 | 000,000,000 | ---D | M]

[2008/12/17 00:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions
[2008/12/17 00:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/06/14 11:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/17 20:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions
[2010/10/25 23:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 17:49:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/27 10:02:52 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/12/05 08:37:41 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2011/03/30 03:27:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/08/31 13:47:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/12/17 20:06:56 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Eric Shrode\AppData\Roaming\mozilla\Firefox\Profiles\wxk3tk2l.default\extensions\[email protected]
[2011/11/09 18:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 18:34:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 19:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/17 01:33:40 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/03 09:06:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 18:34:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 13:25:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: berlitzonline.com ([tmm] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.121.85.2 24.121.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA98DF9-3F80-402C-B9F4-A8C73C9F0033}: DhcpNameServer = 24.121.85.2 24.121.74.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Eric Shrode\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 15:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/29 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\AppData\Local\temp
[2011/12/29 13:25:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/28 15:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/28 15:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/28 15:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/28 15:53:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/28 15:48:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/16 03:01:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 03:01:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 03:01:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 03:01:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 03:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 03:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 03:00:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/16 03:00:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/16 03:00:57 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/16 03:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/16 03:00:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 09:57:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 09:57:21 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 09:57:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/13 16:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/10 12:03:57 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\Documents\Symantec
[2011/12/10 11:42:48 | 000,034,288 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/12/10 11:42:45 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/10 11:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/10 11:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/10 11:42:20 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2011/12/10 11:42:20 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2011/12/10 11:42:20 | 000,432,760 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/12/10 11:42:20 | 000,382,584 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/12/10 11:42:20 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/12/10 11:42:19 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/12/10 11:42:19 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2011/12/10 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/12/10 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/12/10 11:41:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/12/10 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/10 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/12/10 11:38:24 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/12/10 11:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/01 09:37:46 | 000,000,000 | ---D | C] -- C:\Users\Eric Shrode\Documents\Drivers Licence Copies
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 15:00:50 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 14:51:01 | 000,000,512 | ---- | M] () -- C:\Users\Eric Shrode\Desktop\MBR.dat
[2011/12/29 14:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 14:36:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 14:36:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 13:25:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 13:25:28 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 16:36:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 14:31:40 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/21 14:31:40 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/21 14:31:40 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/17 16:44:48 | 000,000,899 | ---- | M] () -- C:\Users\Eric Shrode\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/12/16 03:29:14 | 000,398,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 03:06:54 | 003,020,366 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/12/14 11:54:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/11 10:24:01 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/10 11:42:44 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/10 11:42:44 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/10 11:42:44 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/10 11:42:33 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/10 11:38:24 | 000,000,859 | ---- | M] () -- C:\Users\Eric Shrode\Desktop\Norton Installation Files.lnk
[2011/12/01 17:10:26 | 025,210,795 | ---- | M] () -- C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml
[2011/11/30 10:32:38 | 000,965,283 | ---- | M] () -- C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 15:00:50 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 14:51:01 | 000,000,512 | ---- | C] () -- C:\Users\Eric Shrode\Desktop\MBR.dat
[2011/12/28 15:53:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/28 15:53:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/28 15:53:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/28 15:53:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/28 15:53:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 16:44:48 | 000,000,899 | ---- | C] () -- C:\Users\Eric Shrode\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/12/11 10:24:01 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/11 10:24:01 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/10 11:42:53 | 003,020,366 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/12/10 11:42:45 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/10 11:42:45 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/10 11:42:33 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/10 11:42:20 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2011/12/10 11:41:59 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2011/12/10 11:41:59 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2011/12/10 11:41:59 | 000,001,474 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNetV.inf
[2011/12/10 11:41:59 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2011/12/10 11:41:59 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/12/10 11:41:59 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/12/10 11:41:59 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2011/12/10 11:41:56 | 000,007,877 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/12/10 11:41:56 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/12/10 11:41:56 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/12/10 11:41:56 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2011/12/10 11:41:56 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/12/10 11:41:56 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/12/10 11:41:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/12/10 11:38:24 | 000,000,859 | ---- | C] () -- C:\Users\Eric Shrode\Desktop\Norton Installation Files.lnk
[2011/12/01 17:10:11 | 025,210,795 | ---- | C] () -- C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml
[2011/11/30 10:32:37 | 000,965,283 | ---- | C] () -- C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml
[2011/10/31 11:47:40 | 000,178,749 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/02/26 00:34:27 | 000,000,732 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\d3d9caps64.dat
[2011/01/13 04:00:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/06 00:25:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/08/30 08:20:30 | 000,000,680 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\d3d9caps.dat
[2010/07/22 22:50:06 | 000,175,859 | ---- | C] () -- C:\Windows\hpoins42.dat
[2010/07/22 22:50:06 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat
[2010/06/29 05:08:27 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/10 21:30:36 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/04/26 23:30:03 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/04/26 23:30:03 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/04/26 23:30:03 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/04/26 23:30:03 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/04/26 23:30:03 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/04/26 23:30:03 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/04/26 23:30:03 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/04/26 23:30:03 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/04/26 23:30:03 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/04/26 23:30:03 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/04/26 23:30:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/04/26 23:30:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/04/26 23:30:03 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/04/26 23:30:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/04/26 23:30:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/04/26 23:30:03 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/04/26 23:30:03 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/04/26 23:30:03 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/04/26 23:30:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/11 02:53:53 | 000,031,049 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Roaming\UserTile.png
[2009/09/23 22:23:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 22:22:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 22:21:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/11 01:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2008/12/11 01:51:54 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/07 02:02:49 | 000,231,420 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2008/11/07 02:02:49 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2008/11/05 00:43:29 | 000,012,097 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2008/09/02 03:00:44 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/05/26 16:09:31 | 000,002,975 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/07 18:29:43 | 000,019,456 | ---- | C] () -- C:\Users\Eric Shrode\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/05 08:34:27 | 000,149,023 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/05/04 18:47:46 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/03/14 17:40:20 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/03/14 17:40:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/03/14 17:40:20 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/03/11 17:05:49 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.EXE
[2008/02/15 04:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/15 03:19:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/02/15 03:19:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/02/15 03:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/02/15 03:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/02/15 03:19:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/02/15 03:19:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/02/15 01:52:35 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/08 05:42:32 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/09/13 14:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007/09/13 14:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2007/03/13 13:02:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 933 bytes -> C:\Users\Eric Shrode\Documents\Ihre Konzertkartenbestellung vom 27_10_2010.eml:OECustomProperty
@Alternate Data Stream - 856 bytes -> C:\Users\Eric Shrode\Documents\Beware shipping Christmas gifts via UPS.eml:OECustomProperty
@Alternate Data Stream - 789 bytes -> C:\Users\Eric Shrode\Documents\Pop can heat.eml:OECustomProperty
@Alternate Data Stream - 749 bytes -> C:\Users\Eric Shrode\Documents\Re_ F25 Message Received.eml:OECustomProperty
@Alternate Data Stream - 715 bytes -> C:\Users\Eric Shrode\Documents\Campaign Finance Fillable Forms.eml:OECustomProperty
@Alternate Data Stream - 700 bytes -> C:\Users\Eric Shrode\Documents\Financial Help.eml:OECustomProperty
@Alternate Data Stream - 2080 bytes -> C:\Users\Eric Shrode\Documents\Update vom Deutschland.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:33FF2C1A

< End of report >

#6
RKinner

Don't see any malware so let's look for other problems:

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
4. Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.




Ron
  • 0
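The same selection the VEW steps above make (System, then Application; Error and Warning; newest 20) can also be pulled with the built-in Get-WinEvent cmdlet and collapsed so that repeated events show up once with a count. This is an added example, not part of RKinner's post; it assumes PowerShell 2.0 or later is installed, and the function name and report file name are hypothetical.

```powershell
# Added example (not from the thread): pull the newest Error/Warning events
# from the System and Application logs, as the VEW steps do.
# Get-RecentProblemEvents and eventlog-summary.txt are hypothetical names.
function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Count = 20          # same limit as the "Number of events" box
    )
    foreach ($log in $LogName) {
        # Level 2 = Error, Level 3 = Warning
        $filter = @{ LogName = $log; Level = 2, 3 }
        # A freshly cleared log has no matches; Get-WinEvent reports that as a
        # non-terminating error, so suppress it and return nothing for that log.
        Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Log     = $log
                    Time    = $_.TimeCreated
                    Type    = $_.LevelDisplayName
                    EventId = $_.Id
                    Source  = $_.ProviderName
                    # First line only, so repeated events group together
                    Message = ("$($_.Message)" -split "`r?`n")[0]
                }
            }
    }
}

$events = @(Get-RecentProblemEvents)

# Collapse repeats: one row per log/source/event id with a count and newest time.
$summary = $events | Group-Object Log, Source, EventId | ForEach-Object {
    $newest = $_.Group | Sort-Object Time -Descending | Select-Object -First 1
    New-Object PSObject -Property @{
        Count = $_.Count; Log = $newest.Log; Source = $newest.Source
        EventId = $newest.EventId; Newest = $newest.Time; Message = $newest.Message
    }
} | Sort-Object Count -Descending

# Write the summary to the Desktop and open it, like the VEW output log.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'eventlog-summary.txt'
$summary | Format-List Count, Log, Source, EventId, Newest, Message | Out-File $report
notepad $report
```

Run it after reproducing the problem, since the logs were cleared in the first step and only events recorded since then will appear.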

#7
EricShrode

OK - followed your instruction with mixed results.

Cleared System Log and Application Log.

Ran the sfc/scannow then ran sigverif but that did not check my drivers - but it did verify all files were signed. So I cannot give you any driver info.

I tried to download the Event viewer by Vino Rosso but when I input http://images.malwar...om/vino/VEW.exe I got:

"Sorry, the page you were looking for could not be found"
Showing related results for: http://images.malwar...om/vino/VEW.exe
A search for "Vino Rosso Event Viewer Tool" had no results.
A search on Vino Rosso’s Help Site (http://vinorosso.110mb.com/) found no results for Event Viewer.
So no report on this one.

I tried http://live.sysinter...com/procexp.exe with no results
Found Process Explorer at http://technet.micro...ernals/bb896653 but was not able to run it as administrator but did run it.
See attached file "System Idle Process"


I tried to get http://www.filehippo...download_speccy with no results.
I did go to the filehippo web site and downloaded speccy -

See attached file "ERIC SHRODE PC"

Still having the same problem - hope you can figure it out. Can't even pay bills as I can click on the icon I need.

Thanks for your time and efforts

Eric

Attached File  ERICSHRODE-PC.txt   394.04KB   116 downloads

Attached File  System Idle Process.txt   6.55KB   111 downloads

#8
RKinner

When you copy a link from the website, you have to right click and Copy Link Location as the forum software likes to shorten the visible link.

Vino's real website is:
http://images.malwareremoval.com/vino/VEW.exe
tho the forum software will make it look like:
http://images.malwar...om/vino/VEW.exe
and it does work. I just tried it.

What kind of mouse do you have? (Built-in or external.) If external, turn it over and look at the bottom. Does it have a big ball or a hole with a red light? If an external mouse, have you tried another one? What PC (make and model)?

#9
EricShrode

Hi Ron

That explains why I was having trouble getting the web sites - I printed your instructions and just typed in the abbreviated url.

I since got the Event Viewer - results below.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 04/01/2012 9:17:26 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2012 11:37:42 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE with process id 4168 stopped the removal or ejection for the device USB\VID_0781&PID_5406\0000188E5672246C.

Log: 'System' Date/Time: 03/01/2012 11:37:42 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Windows\explorer.exe with process id 1436 stopped the removal or ejection for the device USB\VID_0781&PID_5406\0000188E5672246C.

Log: 'System' Date/Time: 03/01/2012 11:36:44 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE with process id 4168 stopped the removal or ejection for the device USB\VID_0781&PID_5406\0000188E5672246C.

Log: 'System' Date/Time: 03/01/2012 11:35:13 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE with process id 4168 stopped the removal or ejection for the device USB\VID_0781&PID_5406\0000188E5672246C.

Log: 'System' Date/Time: 03/01/2012 11:34:50 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE with process id 4168 stopped the removal or ejection for the device USB\VID_0781&PID_5406\0000188E5672246C.

I have a Dell infrared mouse - tethered by USB. I have removed it and used the Synaptics touchpad on my Toshiba Satellite computer - still has the same problem.

At this point I think I have done all you asked other than check the drivers - what I did did not check the drivers.

The pointer acts like it is not always in complete sync with the screen - it moves to the top of the page but often does not work on the buttons and tabs at the top, but will work on the lower ones. Sometimes when filling a box with text I have to move the cursor down, then left click to get the prompt (flashing vertical bar) to appear at the top of the box so I can start typing.

Eric

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Could you also run Vino's for the Applications events too?

Also what make and model PC is this?

Sounds like this is a laptop with a touchpad. You might try plugging the external mouse back up then disable the touchpad. I have seen them cause odd things before. Go to the PC Maker's website and see if there is a new driver for the touchpad.
#11
EricShrode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I tried to run the Vino Tool with application but got a "Run Time error 75 - Path / File access error"

My computer is a Toshiba Satellite Laptop with a touch-pad. I did have it set to disable the touch-pad when it detected an external pointing device. I unplugged the external device to try just the touch-pad but I kept getting an error message (even after turning off the computer and re-booting). The message was "Synaptics TouchPad Driver notification - Your touch-pad had been disabled because Synaptics TouchPad driver has detected another pointing device plugged into your computer". How it detected the external device I can't figure out, as it was unplugged and you can hear the "unplugged" chime and "plugged in" chime when you remove and insert the device's USB cord. I went into "Mouse Properties" in the control panel and unchecked the box for "Disable internal device when external USB device is detected". After I did that I could get the touch-pad to work. I un-plugged the external device and tried just the touch-pad. It did not work any better than the external device. I then plugged the external device back in - same problem.

I will go to Toshiba and look for an update driver for the touch-pad. I currently have version 7.

Eric

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
"Run Time error 75 - Path / File access error" means you did not right click and run as admin.

#13
EricShrode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Right you are - tried it again and it worked. See attached file VEW-2

Attached File  VEW-2.txt   14.01KB   120 downloads

#14
EricShrode

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Finally got through to Toshiba and got the updated driver for the Touch-pad - no help.

Toshiba says they will try to help with the problem if I pay them up front - if you can't think of anything else to try - I guess that's my only option.

Thanks again for your efforts - I have to say - didn't think it would stump a Geek - hope it's not some bad internal component.

Have a good weekend

Eric

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We can try a few other things.

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the problem.


Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.