Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.zeroaccess.b


  • Please log in to reply

#1
plasmasphinx

plasmasphinx

    New Member

  • Member
  • Pip
  • 9 posts
A Trojan that makes my computer almost unusable. Scans with Norton, AVG, and Avira can detect and delete it but it is reinstalled upon restarting the computer. When the computer restarts, the restart fails and a dialog box appears titled Startup Repair. This does not happen if I start in Safe Mode.

Before, when I launched Google Chrome, the computer would crash, so I deleted Chrome.

OTL logfile created on: 2/7/2012 9:38:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ethan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 72.92% Memory free
11.90 Gb Paging File | 10.50 Gb Available in Paging File | 88.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 492.78 Gb Free Space | 84.82% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 21:37:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Downloads\OTL.exe
PRC - [2012/02/07 21:31:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ethan\Downloads\HijackThis.exe
PRC - [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/10 20:24:36 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 16:20:25 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/20 21:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 19:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/08 22:16:57 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/26 12:10:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 20:14:22 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/23 19:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/01 16:07:10 | 001,096,688 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2011/12/01 16:07:08 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/11/14 15:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/08/16 10:45:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/04 21:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 15:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/02/07 12:53:53 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\EX64.SYS -- (NAVEX15)
DRV - [2012/02/07 12:53:53 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/07 12:53:53 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/07 12:53:53 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120207.005\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 20:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/07 17:13:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/02/07 17:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 20:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]

[2011/08/16 10:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Extensions
[2011/11/10 07:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/07 17:13:51 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_4_3
[2012/02/07 17:13:52 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012/01/10 20:24:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/08 19:45:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 07:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/07 19:39:13 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XeroxRegistation] C:\Users\Ethan\AppData\Local\Temp\Xerox\EReg\EReg.exe (Xerox Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ethan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137FC8D0-6C99-4BC7-8E4C-E7ACE85974A2}: DhcpNameServer = 50.20.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{466AA6F6-86F8-4E45-BF8F-49A0ED22BE2F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\NPE
[2012/02/06 23:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F7068
[2012/02/06 23:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/02/06 23:39:54 | 000,000,000 | ---D | C] -- C:\windows\system64
[2012/02/06 23:17:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/02/06 23:04:46 | 000,339,608 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2012/02/06 23:04:46 | 000,145,432 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/02/06 23:04:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/02/06 23:04:36 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/02/06 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/06 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Avira
[2012/02/06 17:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/06 17:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/06 17:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/06 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Malwarebytes
[2012/02/06 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/06 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/06 13:30:24 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/05 17:35:26 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2012/02/04 12:02:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/04 11:17:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/04 11:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/04 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/04 11:10:48 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/02/04 11:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/04 00:49:31 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Symantec
[2012/02/03 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\The Mind that Lived On
[2012/01/31 09:39:55 | 001,096,688 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2012/01/31 09:39:55 | 000,453,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2012/01/31 09:39:54 | 000,367,912 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2012/01/31 09:39:52 | 000,230,952 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/31 09:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/30 20:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Moondrop
[2012/01/30 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Act One Application Materials
[2012/01/30 12:20:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/01/29 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/29 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/01/29 15:11:45 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Adobe
[2012/01/29 15:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/01/29 13:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/01/29 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/01/29 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/01/29 12:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/29 12:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/21 00:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/18 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/01/18 14:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2012/01/18 14:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/01/18 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/01/18 14:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 20:12:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/07 20:12:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 19:39:13 | 000,000,882 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.bak
[2012/02/07 19:39:13 | 000,000,054 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/02/07 19:28:45 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:45:08 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 18:44:36 | 000,002,128 | ---- | M] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:04 | 000,002,408 | ---- | M] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/07 17:21:38 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 17:21:38 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 17:15:38 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 23:17:28 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 23:01:09 | 000,732,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/06 23:01:09 | 000,628,320 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/06 23:01:09 | 000,108,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/04 11:24:23 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/02/01 11:23:25 | 000,126,412 | ---- | M] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2012/01/31 09:40:19 | 001,521,700 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/01/31 09:37:01 | 000,420,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/01/30 12:17:14 | 000,110,064 | ---- | M] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/27 22:52:38 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1207000.00D\isolate.ini
[2012/01/25 17:58:12 | 001,429,728 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2012/01/11 16:19:34 | 000,092,896 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/11 16:17:50 | 000,014,776 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/01/11 16:14:48 | 000,145,432 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/11 16:14:42 | 000,339,608 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 19:28:45 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:44:34 | 000,002,128 | ---- | C] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:03 | 000,002,408 | ---- | C] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/06 23:17:28 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 11:24:23 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/01/31 09:39:56 | 001,521,700 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/01/30 12:17:17 | 000,110,064 | ---- | C] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/10 12:37:19 | 000,126,412 | ---- | C] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2011/10/20 08:09:44 | 000,232,465 | ---- | C] () -- C:\windows\hpwins22.dat
[2011/08/16 10:37:25 | 000,008,704 | ---- | C] () -- C:\Users\Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 21:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 21:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 21:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2009/10/14 10:38:37 | 000,002,940 | ---- | C] () -- C:\windows\hpwmdl22.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/22 10:01:49 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Amazon
[2012/01/18 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/02/07 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Dropbox
[2012/01/29 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:13:29 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/02/06 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Spotify
[2012/01/29 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/31 09:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/02/04 00:49:42 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Tific
[2011/10/19 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Toshiba
[2011/08/15 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\WinBatch
[2011/10/31 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Xerox
[2012/02/07 17:13:30 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 935 bytes -> C:\Users\Ethan\AppData\Local\Temp:o4PCm59QOkvdLb1Vwzlj7e
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1033 bytes -> C:\Users\Ethan\AppData\Local\Temp:WJ37HeClk8ljyF6CGAGxVFgCR

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
consrv.dll
kwrd.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Combo fix text:

ComboFix 12-02-08.02 - Ethan 02/08/2012 12:06:05.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5447 [GMT -6:00]
Running from: c:\users\Ethan\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\A23F\165F.tmp
c:\program files (x86)\LP\A23F\7C70.tmp
c:\program files (x86)\LP\A23F\87F7.tmp
c:\users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{08360916-941F-41B5-BD40-C41E61E725C3}.xps
c:\users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5C8461C-953E-4BBE-9D97-1EA7DE917F54}.xps
c:\users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C5769F36-BAC6-4231-8642-CCD7AF761C45}.xps
c:\users\Ethan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E74D72F2-27F2-4904-99A1-43640279C8C3}.xps
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 18:15 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-08 18:13 . 2012-02-08 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 17:46 . 2011-09-18 14:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-08 17:46 . 2011-09-16 05:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-08 17:46 . 2011-09-16 05:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-08 01:28 . 2012-02-08 01:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 01:22 . 2012-02-08 02:13 -------- d-----w- c:\users\Ethan\AppData\Local\NPE
2012-02-07 05:41 . 2012-02-07 17:42 -------- d-----w- c:\program files (x86)\F7068
2012-02-07 05:17 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 05:04 . 2012-01-11 22:14 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-02-07 05:04 . 2012-01-11 22:14 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-02-07 05:04 . 2012-01-11 22:17 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-02-07 05:04 . 2012-01-11 22:19 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-02-06 23:40 . 2012-02-06 23:40 -------- d-----w- c:\users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-06 23:39 . 2012-02-07 03:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-06 23:39 . 2012-02-06 23:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-06 23:39 . 2012-02-06 23:39 -------- d-----w- c:\users\Ethan\AppData\Roaming\Avira
2012-02-06 23:38 . 2012-02-06 23:38 -------- d-----w- c:\programdata\Avira
2012-02-06 23:38 . 2012-02-06 23:38 -------- d-----w- c:\program files (x86)\Avira
2012-02-06 19:35 . 2012-02-06 19:35 -------- d-----w- c:\users\Ethan\AppData\Roaming\Malwarebytes
2012-02-06 19:35 . 2012-02-06 19:35 -------- d-----w- c:\programdata\Malwarebytes
2012-02-06 19:35 . 2012-02-07 05:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 23:35 . 2012-02-05 23:35 -------- d-----w- C:\OutputFolder
2012-02-04 18:02 . 2012-02-04 18:02 -------- d-----w- C:\$AVG
2012-02-04 17:17 . 2012-02-04 17:17 -------- d--h--w- c:\programdata\Common Files
2012-02-04 17:15 . 2012-02-06 17:58 -------- d-----w- c:\programdata\AVG2012
2012-02-04 17:14 . 2012-02-04 17:14 -------- d-----w- c:\program files (x86)\AVG
2012-02-04 17:10 . 2012-02-04 17:10 -------- d-----w- c:\windows\Sun
2012-02-04 17:07 . 2012-02-06 00:10 -------- d-----w- c:\programdata\MFAData
2012-02-04 07:02 . 2012-02-07 18:54 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
2012-02-04 06:49 . 2012-02-04 06:49 -------- d-----w- c:\users\Ethan\AppData\Local\Symantec
2012-01-31 15:39 . 2011-12-01 22:07 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-01-31 15:39 . 2011-12-01 22:07 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-01-31 15:39 . 2011-11-14 21:12 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-01-31 15:39 . 2012-02-07 16:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-31 15:39 . 2012-01-11 22:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-01-31 15:39 . 2012-01-31 15:39 -------- d-----w- c:\users\Ethan\AppData\Roaming\TestApp
2012-01-30 18:20 . 2012-01-30 18:20 -------- d--h--w- c:\programdata\CanonBJ
2012-01-29 21:27 . 2012-01-29 21:27 -------- d-----w- c:\users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-29 21:13 . 2012-01-29 21:13 -------- d-----w- c:\users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-01-29 21:12 . 2012-01-29 21:12 -------- d-----w- c:\users\Ethan\AppData\Roaming\PACE Anti-Piracy
2012-01-29 21:12 . 2012-01-29 21:12 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-01-29 21:12 . 2012-01-29 21:12 -------- d-----w- c:\users\Ethan\AppData\Local\PACE Anti-Piracy
2012-01-29 21:00 . 2012-01-29 21:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-29 19:22 . 2012-01-29 19:22 -------- d-----w- c:\programdata\ALM
2012-01-29 18:59 . 2012-01-30 17:34 -------- d-----w- c:\program files (x86)\Adobe Story
2012-01-29 18:57 . 2012-01-29 18:57 -------- d-----w- c:\program files (x86)\My Company Name
2012-01-29 18:56 . 2012-02-02 22:10 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-21 06:18 . 2012-02-07 03:32 -------- d-----w- c:\program files (x86)\iTunes
2012-01-21 06:18 . 2012-02-07 03:26 -------- d-----w- c:\program files\iTunes
2012-01-21 06:18 . 2012-02-07 03:26 -------- d-----w- c:\program files\iPod
2012-01-18 22:45 . 2012-01-18 22:45 -------- d-----w- c:\users\Ethan\AppData\Roaming\Canon
2012-01-18 20:19 . 2012-01-18 20:19 -------- d-----w- c:\programdata\ZoomBrowser
2012-01-18 20:18 . 2012-02-07 03:26 -------- d-----w- c:\program files (x86)\Canon
2012-01-18 20:16 . 2012-02-07 03:26 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-01-11 16:15 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:15 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:15 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:15 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:15 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:15 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:15 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 02:24 . 2012-01-11 02:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-11 02:24 . 2012-01-11 02:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 02:24 . 2012-01-11 02:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 02:24 . 2012-01-11 02:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-15 04:10 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 22:20 . 2011-10-14 19:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ethan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120207.005\IDSvia64.sys [2012-02-03 488568]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-12-09 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-07 138360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTSFileEnum;PCTSFileEnum;c:\program files (x86)\PC Tools\DMScanning\PCTSFiles.exe [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 20:00]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 20:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ethan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"combofix"="c:\combofix\CF14188.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"combofix"="c:\combofix\CF14188.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oracle_load_balancer_60_server-forms6ip9
dlacdbhm
btaudio
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\hqvmvuwx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-ISTray - c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-XeroxRegistation - c:\users\Ethan\AppData\Local\Temp\Xerox\EReg\EReg.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-08 12:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 18:21
.
Pre-Run: 528,540,311,552 bytes free
Post-Run: 528,597,504,000 bytes free
.
- - End Of File - - EBBAA2C3258565D66B933941425C6427





TDSSKiller Text:

12:27:19.0517 1952 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
12:27:20.0172 1952 ============================================================
12:27:20.0172 1952 Current date / time: 2012/02/08 12:27:20.0172
12:27:20.0172 1952 SystemInfo:
12:27:20.0172 1952
12:27:20.0172 1952 OS Version: 6.1.7601 ServicePack: 1.0
12:27:20.0172 1952 Product type: Workstation
12:27:20.0172 1952 ComputerName: ETHAN-PC
12:27:20.0172 1952 UserName: Ethan
12:27:20.0172 1952 Windows directory: C:\windows
12:27:20.0172 1952 System windows directory: C:\windows
12:27:20.0172 1952 Running under WOW64
12:27:20.0172 1952 Processor architecture: Intel x64
12:27:20.0172 1952 Number of processors: 4
12:27:20.0172 1952 Page size: 0x1000
12:27:20.0172 1952 Boot type: Safe boot with network
12:27:20.0172 1952 ============================================================
12:27:21.0124 1952 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:27:21.0124 1952 \Device\Harddisk0\DR0:
12:27:21.0124 1952 MBR used
12:27:21.0124 1952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
12:27:21.0140 1952 Initialize success
12:27:21.0140 1952 ============================================================
12:27:44.0898 0744 ============================================================
12:27:44.0898 0744 Scan started
12:27:44.0898 0744 Mode: Manual; SigCheck; TDLFS;
12:27:44.0898 0744 ============================================================
12:27:45.0304 0744 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
12:27:50.0405 0744 1394ohci - ok
12:27:50.0546 0744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
12:27:50.0561 0744 ACPI - ok
12:27:50.0639 0744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
12:27:50.0717 0744 AcpiPmi - ok
12:27:50.0920 0744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
12:27:50.0936 0744 adp94xx - ok
12:27:51.0060 0744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
12:27:51.0076 0744 adpahci - ok
12:27:51.0201 0744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
12:27:51.0216 0744 adpu320 - ok
12:27:51.0310 0744 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
12:27:51.0372 0744 AFD - ok
12:27:51.0513 0744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
12:27:51.0513 0744 agp440 - ok
12:27:51.0669 0744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
12:27:51.0684 0744 aliide - ok
12:27:51.0684 0744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
12:27:51.0700 0744 amdide - ok
12:27:51.0778 0744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
12:27:51.0809 0744 AmdK8 - ok
12:27:51.0887 0744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
12:27:51.0903 0744 AmdPPM - ok
12:27:51.0996 0744 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
12:27:51.0996 0744 amdsata - ok
12:27:52.0090 0744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
12:27:52.0106 0744 amdsbs - ok
12:27:52.0168 0744 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
12:27:52.0184 0744 amdxata - ok
12:27:52.0355 0744 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
12:27:52.0542 0744 AppID - ok
12:27:52.0667 0744 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
12:27:52.0683 0744 arc - ok
12:27:52.0683 0744 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
12:27:52.0698 0744 arcsas - ok
12:27:52.0730 0744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
12:27:52.0886 0744 AsyncMac - ok
12:27:52.0979 0744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
12:27:52.0979 0744 atapi - ok
12:27:53.0073 0744 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
12:27:53.0166 0744 athr - ok
12:27:53.0276 0744 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
12:27:53.0478 0744 avgntflt - ok
12:27:53.0603 0744 avipbb (d959309ececca73fc79f8ef8521346b2) C:\windows\system32\DRIVERS\avipbb.sys
12:27:53.0603 0744 avipbb - ok
12:27:53.0634 0744 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
12:27:53.0634 0744 avkmgr - ok
12:27:53.0759 0744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
12:27:53.0790 0744 b06bdrv - ok
12:27:53.0900 0744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
12:27:53.0915 0744 b57nd60a - ok
12:27:54.0009 0744 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
12:27:54.0056 0744 Beep - ok
12:27:54.0227 0744 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
12:27:54.0383 0744 BHDrvx64 - ok
12:27:54.0477 0744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
12:27:54.0492 0744 blbdrive - ok
12:27:54.0586 0744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
12:27:54.0633 0744 bowser - ok
12:27:54.0726 0744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
12:27:54.0742 0744 BrFiltLo - ok
12:27:54.0742 0744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
12:27:54.0758 0744 BrFiltUp - ok
12:27:54.0773 0744 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
12:27:54.0820 0744 BridgeMP - ok
12:27:54.0851 0744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
12:27:54.0914 0744 Brserid - ok
12:27:54.0976 0744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
12:27:55.0007 0744 BrSerWdm - ok
12:27:55.0038 0744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
12:27:55.0070 0744 BrUsbMdm - ok
12:27:55.0132 0744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
12:27:55.0163 0744 BrUsbSer - ok
12:27:55.0257 0744 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
12:27:55.0272 0744 BtFilter - ok
12:27:55.0319 0744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
12:27:55.0350 0744 BTHMODEM - ok
12:27:55.0366 0744 catchme - ok
12:27:55.0460 0744 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
12:27:55.0506 0744 cdfs - ok
12:27:55.0600 0744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
12:27:55.0647 0744 cdrom - ok
12:27:55.0740 0744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
12:27:55.0756 0744 circlass - ok
12:27:55.0803 0744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
12:27:55.0818 0744 CLFS - ok
12:27:55.0959 0744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
12:27:55.0990 0744 CmBatt - ok
12:27:56.0037 0744 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
12:27:56.0052 0744 cmdide - ok
12:27:56.0115 0744 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
12:27:56.0162 0744 CNG - ok
12:27:56.0302 0744 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
12:27:56.0333 0744 CnxtHdAudService - ok
12:27:56.0427 0744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
12:27:56.0442 0744 Compbatt - ok
12:27:56.0474 0744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
12:27:56.0505 0744 CompositeBus - ok
12:27:56.0598 0744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
12:27:56.0614 0744 crcdisk - ok
12:27:56.0723 0744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
12:27:56.0770 0744 DfsC - ok
12:27:56.0864 0744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
12:27:56.0910 0744 discache - ok
12:27:57.0004 0744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
12:27:57.0004 0744 Disk - ok
12:27:57.0129 0744 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
12:27:57.0160 0744 drmkaud - ok
12:27:57.0269 0744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
12:27:57.0285 0744 DXGKrnl - ok
12:27:57.0363 0744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
12:27:57.0441 0744 ebdrv - ok
12:27:57.0550 0744 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:27:57.0566 0744 eeCtrl - ok
12:27:57.0690 0744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
12:27:57.0706 0744 elxstor - ok
12:27:57.0831 0744 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:27:57.0846 0744 EraserUtilRebootDrv - ok
12:27:57.0909 0744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
12:27:57.0956 0744 ErrDev - ok
12:27:58.0034 0744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
12:27:58.0080 0744 exfat - ok
12:27:58.0096 0744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
12:27:58.0143 0744 fastfat - ok
12:27:58.0268 0744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
12:27:58.0299 0744 fdc - ok
12:27:58.0314 0744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
12:27:58.0330 0744 FileInfo - ok
12:27:58.0392 0744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
12:27:58.0455 0744 Filetrace - ok
12:27:58.0580 0744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
12:27:58.0580 0744 flpydisk - ok
12:27:58.0611 0744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
12:27:58.0626 0744 FltMgr - ok
12:27:58.0736 0744 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
12:27:58.0736 0744 FsDepends - ok
12:27:58.0751 0744 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
12:27:58.0767 0744 Fs_Rec - ok
12:27:58.0860 0744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
12:27:58.0876 0744 fvevol - ok
12:27:58.0907 0744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
12:27:58.0923 0744 gagp30kx - ok
12:27:59.0016 0744 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:27:59.0016 0744 GEARAspiWDM - ok
12:27:59.0157 0744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
12:27:59.0172 0744 hcw85cir - ok
12:27:59.0282 0744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
12:27:59.0313 0744 HdAudAddService - ok
12:27:59.0406 0744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
12:27:59.0438 0744 HDAudBus - ok
12:27:59.0516 0744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
12:27:59.0547 0744 HidBatt - ok
12:27:59.0547 0744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
12:27:59.0578 0744 HidBth - ok
12:27:59.0656 0744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
12:27:59.0687 0744 HidIr - ok
12:27:59.0796 0744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
12:27:59.0812 0744 HidUsb - ok
12:27:59.0921 0744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
12:27:59.0937 0744 HpSAMD - ok
12:28:00.0015 0744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
12:28:00.0062 0744 HTTP - ok
12:28:00.0124 0744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
12:28:00.0140 0744 hwpolicy - ok
12:28:00.0233 0744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
12:28:00.0249 0744 i8042prt - ok
12:28:00.0311 0744 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
12:28:00.0311 0744 iaStor - ok
12:28:00.0420 0744 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
12:28:00.0436 0744 iaStorV - ok
12:28:00.0623 0744 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120207.005\IDSvia64.sys
12:28:00.0639 0744 IDSVia64 - ok
12:28:00.0951 0744 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
12:28:01.0310 0744 igfx - ok
12:28:01.0403 0744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
12:28:01.0419 0744 iirsp - ok
12:28:01.0544 0744 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
12:28:01.0575 0744 IntcDAud - ok
12:28:01.0668 0744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
12:28:01.0668 0744 intelide - ok
12:28:01.0762 0744 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
12:28:01.0778 0744 intelppm - ok
12:28:01.0809 0744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:28:01.0840 0744 IpFilterDriver - ok
12:28:01.0887 0744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
12:28:01.0918 0744 IPMIDRV - ok
12:28:01.0965 0744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
12:28:02.0012 0744 IPNAT - ok
12:28:02.0121 0744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
12:28:02.0168 0744 IRENUM - ok
12:28:02.0246 0744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
12:28:02.0261 0744 isapnp - ok
12:28:02.0277 0744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
12:28:02.0292 0744 iScsiPrt - ok
12:28:02.0386 0744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
12:28:02.0402 0744 kbdclass - ok
12:28:02.0433 0744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
12:28:02.0448 0744 kbdhid - ok
12:28:02.0542 0744 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
12:28:02.0558 0744 KSecDD - ok
12:28:02.0573 0744 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
12:28:02.0573 0744 KSecPkg - ok
12:28:02.0682 0744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
12:28:02.0714 0744 ksthunk - ok
12:28:02.0807 0744 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
12:28:02.0823 0744 L1C - ok
12:28:02.0932 0744 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
12:28:02.0979 0744 lltdio - ok
12:28:03.0104 0744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
12:28:03.0119 0744 LSI_FC - ok
12:28:03.0119 0744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
12:28:03.0135 0744 LSI_SAS - ok
12:28:03.0135 0744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
12:28:03.0150 0744 LSI_SAS2 - ok
12:28:03.0150 0744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
12:28:03.0166 0744 LSI_SCSI - ok
12:28:03.0260 0744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
12:28:03.0306 0744 luafv - ok
12:28:03.0416 0744 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
12:28:03.0431 0744 MBAMProtector - ok
12:28:03.0478 0744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
12:28:03.0478 0744 megasas - ok
12:28:03.0494 0744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
12:28:03.0509 0744 MegaSR - ok
12:28:03.0603 0744 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
12:28:03.0603 0744 MEIx64 - ok
12:28:03.0618 0744 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
12:28:03.0665 0744 Modem - ok
12:28:03.0728 0744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
12:28:03.0759 0744 monitor - ok
12:28:03.0806 0744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
12:28:03.0821 0744 mouclass - ok
12:28:03.0930 0744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
12:28:03.0946 0744 mouhid - ok
12:28:03.0977 0744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
12:28:03.0977 0744 mountmgr - ok
12:28:04.0071 0744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
12:28:04.0071 0744 mpio - ok
12:28:04.0086 0744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
12:28:04.0133 0744 mpsdrv - ok
12:28:04.0211 0744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
12:28:04.0242 0744 MRxDAV - ok
12:28:04.0274 0744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
12:28:04.0305 0744 mrxsmb - ok
12:28:04.0383 0744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:28:04.0398 0744 mrxsmb10 - ok
12:28:04.0414 0744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:28:04.0430 0744 mrxsmb20 - ok
12:28:04.0508 0744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
12:28:04.0508 0744 msahci - ok
12:28:04.0523 0744 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
12:28:04.0539 0744 msdsm - ok
12:28:04.0632 0744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
12:28:04.0664 0744 Msfs - ok
12:28:04.0679 0744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
12:28:04.0710 0744 mshidkmdf - ok
12:28:04.0726 0744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
12:28:04.0742 0744 msisadrv - ok
12:28:04.0835 0744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
12:28:04.0882 0744 MSKSSRV - ok
12:28:04.0882 0744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
12:28:04.0929 0744 MSPCLOCK - ok
12:28:05.0007 0744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
12:28:05.0038 0744 MSPQM - ok
12:28:05.0069 0744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
12:28:05.0085 0744 MsRPC - ok
12:28:05.0163 0744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
12:28:05.0163 0744 mssmbios - ok
12:28:05.0178 0744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
12:28:05.0225 0744 MSTEE - ok
12:28:05.0225 0744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
12:28:05.0241 0744 MTConfig - ok
12:28:05.0319 0744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
12:28:05.0334 0744 Mup - ok
12:28:05.0412 0744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
12:28:05.0444 0744 NativeWifiP - ok
12:28:05.0584 0744 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\ENG64.SYS
12:28:05.0584 0744 NAVENG - ok
12:28:05.0756 0744 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\EX64.SYS
12:28:05.0802 0744 NAVEX15 - ok
12:28:05.0912 0744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
12:28:05.0927 0744 NDIS - ok
12:28:05.0974 0744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
12:28:06.0021 0744 NdisCap - ok
12:28:06.0099 0744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
12:28:06.0130 0744 NdisTapi - ok
12:28:06.0177 0744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
12:28:06.0224 0744 Ndisuio - ok
12:28:06.0270 0744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
12:28:06.0317 0744 NdisWan - ok
12:28:06.0395 0744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
12:28:06.0427 0744 NDProxy - ok
12:28:06.0536 0744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
12:28:06.0567 0744 NetBIOS - ok
12:28:06.0598 0744 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
12:28:06.0629 0744 NetBT - ok
12:28:06.0739 0744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
12:28:06.0754 0744 nfrd960 - ok
12:28:06.0801 0744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
12:28:06.0832 0744 Npfs - ok
12:28:06.0926 0744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
12:28:06.0957 0744 nsiproxy - ok
12:28:07.0019 0744 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
12:28:07.0051 0744 Ntfs - ok
12:28:07.0144 0744 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
12:28:07.0207 0744 Null - ok
12:28:07.0300 0744 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
12:28:07.0300 0744 nvraid - ok
12:28:07.0331 0744 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
12:28:07.0347 0744 nvstor - ok
12:28:07.0425 0744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
12:28:07.0425 0744 nv_agp - ok
12:28:07.0456 0744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
12:28:07.0472 0744 ohci1394 - ok
12:28:07.0597 0744 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
12:28:07.0597 0744 Parport - ok
12:28:07.0612 0744 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
12:28:07.0628 0744 partmgr - ok
12:28:07.0706 0744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
12:28:07.0706 0744 pci - ok
12:28:07.0737 0744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
12:28:07.0737 0744 pciide - ok
12:28:07.0768 0744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
12:28:07.0784 0744 pcmcia - ok
12:28:07.0877 0744 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\windows\system32\drivers\PCTCore64.sys
12:28:07.0893 0744 PCTCore - ok
12:28:07.0940 0744 pctDS (1335454528adfa13e1d3c4fa3fdbdc42) C:\windows\system32\drivers\pctDS64.sys
12:28:07.0955 0744 pctDS - ok
12:28:08.0049 0744 pctEFA (df2a2505f17319dada4b204688cec0c2) C:\windows\system32\drivers\pctEFA64.sys
12:28:08.0080 0744 pctEFA - ok
12:28:08.0111 0744 PCTSD (13635ffcaeebddbe2ca93b1218d8331f) C:\windows\system32\Drivers\PCTSD64.sys
12:28:08.0111 0744 PCTSD - ok
12:28:08.0205 0744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
12:28:08.0205 0744 pcw - ok
12:28:08.0236 0744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
12:28:08.0283 0744 PEAUTH - ok
12:28:08.0377 0744 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
12:28:08.0392 0744 PGEffect - ok
12:28:08.0517 0744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
12:28:08.0564 0744 PptpMiniport - ok
12:28:08.0595 0744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
12:28:08.0611 0744 Processor - ok
12:28:08.0704 0744 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
12:28:08.0735 0744 Psched - ok
12:28:08.0860 0744 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\windows\system32\Drivers\PxHlpa64.sys
12:28:08.0860 0744 PxHlpa64 - ok
12:28:08.0985 0744 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
12:28:09.0016 0744 QIOMem - ok
12:28:09.0094 0744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
12:28:09.0141 0744 ql2300 - ok
12:28:09.0219 0744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
12:28:09.0235 0744 ql40xx - ok
12:28:09.0266 0744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:28:09.0281 0744 QWAVEdrv - ok
12:28:09.0375 0744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:28:09.0422 0744 RasAcd - ok
12:28:09.0515 0744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:28:09.0547 0744 RasAgileVpn - ok
12:28:09.0578 0744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
12:28:09.0625 0744 Rasl2tp - ok
12:28:09.0718 0744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:28:09.0765 0744 RasPppoe - ok
12:28:09.0874 0744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:28:09.0905 0744 RasSstp - ok
12:28:09.0937 0744 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
12:28:09.0983 0744 rdbss - ok
12:28:10.0077 0744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
12:28:10.0093 0744 rdpbus - ok
12:28:10.0124 0744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:28:10.0155 0744 RDPCDD - ok
12:28:10.0249 0744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:28:10.0295 0744 RDPENCDD - ok
12:28:10.0311 0744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:28:10.0342 0744 RDPREFMP - ok
12:28:10.0420 0744 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
12:28:10.0451 0744 RDPWD - ok
12:28:10.0483 0744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
12:28:10.0498 0744 rdyboost - ok
12:28:10.0607 0744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:28:10.0654 0744 rspndr - ok
12:28:10.0732 0744 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
12:28:10.0732 0744 RSUSBSTOR - ok
12:28:10.0779 0744 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
12:28:10.0795 0744 RSUSBVSTOR - ok
12:28:10.0841 0744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
12:28:10.0857 0744 sbp2port - ok
12:28:10.0873 0744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
12:28:10.0919 0744 scfilter - ok
12:28:11.0013 0744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:28:11.0060 0744 secdrv - ok
12:28:11.0122 0744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
12:28:11.0153 0744 Serenum - ok
12:28:11.0200 0744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
12:28:11.0231 0744 Serial - ok
12:28:11.0278 0744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
12:28:11.0309 0744 sermouse - ok
12:28:11.0356 0744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
12:28:11.0356 0744 sffdisk - ok
12:28:11.0372 0744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
12:28:11.0403 0744 sffp_mmc - ok
12:28:11.0450 0744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
12:28:11.0481 0744 sffp_sd - ok
12:28:11.0512 0744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
12:28:11.0543 0744 sfloppy - ok
12:28:11.0668 0744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
12:28:11.0668 0744 SiSRaid2 - ok
12:28:11.0684 0744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
12:28:11.0699 0744 SiSRaid4 - ok
12:28:11.0715 0744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:28:11.0762 0744 Smb - ok
12:28:11.0840 0744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:28:11.0840 0744 spldr - ok
12:28:11.0887 0744 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
12:28:11.0918 0744 SRTSP - ok
12:28:12.0011 0744 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
12:28:12.0011 0744 SRTSPX - ok
12:28:12.0058 0744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
12:28:12.0105 0744 srv - ok
12:28:12.0308 0744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
12:28:12.0355 0744 srv2 - ok
12:28:12.0573 0744 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
12:28:12.0573 0744 SrvHsfHDA - ok
12:28:12.0885 0744 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
12:28:12.0979 0744 SrvHsfV92 - ok
12:28:13.0259 0744 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
12:28:13.0291 0744 SrvHsfWinac - ok
12:28:13.0462 0744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
12:28:13.0509 0744 srvnet - ok
12:28:13.0634 0744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
12:28:13.0649 0744 stexstor - ok
12:28:13.0681 0744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:28:13.0681 0744 swenum - ok
12:28:13.0743 0744 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
12:28:13.0759 0744 SymDS - ok
12:28:13.0852 0744 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
12:28:13.0868 0744 SymEFA - ok
12:28:13.0977 0744 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
12:28:13.0993 0744 SymEvent - ok
12:28:14.0055 0744 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
12:28:14.0055 0744 SymIRON - ok
12:28:14.0180 0744 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
12:28:14.0195 0744 SymNetS - ok
12:28:14.0305 0744 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
12:28:14.0336 0744 SynTP - ok
12:28:14.0461 0744 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
12:28:14.0492 0744 Tcpip - ok
12:28:14.0617 0744 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
12:28:14.0648 0744 TCPIP6 - ok
12:28:14.0726 0744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
12:28:14.0757 0744 tcpipreg - ok
12:28:14.0819 0744 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
12:28:14.0835 0744 tdcmdpst - ok
12:28:14.0882 0744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:28:14.0929 0744 TDPIPE - ok
12:28:14.0960 0744 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
12:28:14.0991 0744 TDTCP - ok
12:28:15.0053 0744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
12:28:15.0085 0744 tdx - ok
12:28:15.0100 0744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
12:28:15.0116 0744 TermDD - ok
12:28:15.0241 0744 Tosrfcom - ok
12:28:15.0272 0744 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
12:28:15.0287 0744 tosrfec - ok
12:28:15.0319 0744 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
12:28:15.0319 0744 Tosrfusb - ok
12:28:15.0428 0744 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
12:28:15.0428 0744 tos_sps64 - ok
12:28:15.0475 0744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
12:28:15.0506 0744 tssecsrv - ok
12:28:15.0584 0744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
12:28:15.0615 0744 TsUsbFlt - ok
12:28:15.0615 0744 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
12:28:15.0646 0744 TsUsbGD - ok
12:28:15.0740 0744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
12:28:15.0802 0744 tunnel - ok
12:28:15.0880 0744 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:28:15.0880 0744 TVALZ - ok
12:28:15.0911 0744 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
12:28:15.0911 0744 TVALZFL - ok
12:28:15.0943 0744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
12:28:15.0958 0744 uagp35 - ok
12:28:16.0036 0744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
12:28:16.0083 0744 udfs - ok
12:28:16.0114 0744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
12:28:16.0114 0744 uliagpkx - ok
12:28:16.0208 0744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
12:28:16.0239 0744 umbus - ok
12:28:16.0270 0744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
12:28:16.0286 0744 UmPass - ok
12:28:16.0379 0744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
12:28:16.0395 0744 usbccgp - ok
12:28:16.0457 0744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
12:28:16.0473 0744 usbcir - ok
12:28:16.0535 0744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
12:28:16.0567 0744 usbehci - ok
12:28:16.0645 0744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
12:28:16.0676 0744 usbhub - ok
12:28:16.0707 0744 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
12:28:16.0723 0744 usbohci - ok
12:28:16.0816 0744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:28:16.0832 0744 usbprint - ok
12:28:16.0894 0744 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:28:16.0910 0744 usbscan - ok
12:28:16.0972 0744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:28:17.0019 0744 USBSTOR - ok
12:28:17.0097 0744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
12:28:17.0113 0744 usbuhci - ok
12:28:17.0159 0744 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
12:28:17.0175 0744 usbvideo - ok
12:28:17.0269 0744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
12:28:17.0284 0744 vdrvroot - ok
12:28:17.0300 0744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:28:17.0315 0744 vga - ok
12:28:17.0331 0744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:28:17.0378 0744 VgaSave - ok
12:28:17.0440 0744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
12:28:17.0456 0744 vhdmp - ok
12:28:17.0456 0744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
12:28:17.0471 0744 viaide - ok
12:28:17.0503 0744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
12:28:17.0518 0744 volmgr - ok
12:28:17.0534 0744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
12:28:17.0549 0744 volmgrx - ok
12:28:17.0627 0744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
12:28:17.0643 0744 volsnap - ok
12:28:17.0674 0744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
12:28:17.0674 0744 vsmraid - ok
12:28:17.0752 0744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:28:17.0783 0744 vwifibus - ok
12:28:17.0799 0744 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:28:17.0830 0744 vwififlt - ok
12:28:17.0924 0744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
12:28:17.0939 0744 WacomPen - ok
12:28:17.0986 0744 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:28:18.0033 0744 WANARP - ok
12:28:18.0033 0744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:28:18.0064 0744 Wanarpv6 - ok
12:28:18.0142 0744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
12:28:18.0142 0744 Wd - ok
12:28:18.0220 0744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:28:18.0251 0744 Wdf01000 - ok
12:28:18.0392 0744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:28:18.0423 0744 WfpLwf - ok
12:28:18.0454 0744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:28:18.0454 0744 WIMMount - ok
12:28:18.0579 0744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
12:28:18.0610 0744 WinUsb - ok
12:28:18.0719 0744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
12:28:18.0735 0744 WmiAcpi - ok
12:28:18.0844 0744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:28:18.0875 0744 ws2ifsl - ok
12:28:18.0891 0744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
12:28:18.0938 0744 WudfPf - ok
12:28:19.0031 0744 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
12:28:19.0078 0744 WUDFRd - ok
12:28:19.0094 0744 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:28:19.0874 0744 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:28:19.0874 0744 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:28:19.0889 0744 Boot (0x1200) (4eb1e2b90bed742042faa8a67b61b3ec) \Device\Harddisk0\DR0\Partition0
12:28:19.0905 0744 \Device\Harddisk0\DR0\Partition0 - ok
12:28:19.0905 0744 ============================================================
12:28:19.0905 0744 Scan finished
12:28:19.0905 0744 ============================================================
12:28:19.0905 1060 Detected object count: 1
12:28:19.0905 1060 Actual detected object count: 1
12:29:51.0056 1060 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:29:51.0056 1060 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:29:51.0118 1060 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:29:51.0118 1060 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:29:51.0134 1060 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:29:51.0165 1060 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:29:51.0165 1060 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:29:51.0165 1060 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:29:51.0196 1060 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:29:51.0196 1060 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:29:51.0196 1060 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
12:29:51.0196 1060 \Device\Harddisk0\DR0\TDLFS - deleted
12:29:51.0196 1060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete





aswMBR Text:

Fix button not enabled

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 13:46:20
-----------------------------
13:46:20.819 OS Version: Windows x64 6.1.7601 Service Pack 1
13:46:20.819 Number of processors: 4 586 0x2A07
13:46:20.819 ComputerName: ETHAN-PC UserName: Ethan
13:46:22.270 Initialize success
13:46:38.743 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:46:38.743 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
13:46:38.743 Disk 0 MBR read successfully
13:46:38.743 Disk 0 MBR scan
13:46:38.743 Disk 0 Windows VISTA default MBR code
13:46:38.759 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:46:38.775 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
13:46:38.806 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
13:46:38.806 Service scanning
13:46:40.069 Modules scanning
13:46:40.069 Scan finished successfully
13:47:20.645 Disk 0 MBR has been saved successfully to "C:\Users\Ethan\Desktop\MBR.dat"
13:47:20.645 The log file has been saved successfully to "C:\Users\Ethan\Desktop\aswMBR.txt"




MBAM text:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Ethan :: ETHAN-PC [administrator]

Protection: Disabled

2/8/2012 1:57:36 PM
mbam-log-2012-02-08 (13-57-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190326
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)





OTL Text:
OTL logfile created on: 2/8/2012 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ethan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 82.61% Memory free
11.90 Gb Paging File | 11.00 Gb Available in Paging File | 92.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 492.40 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 21:37:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Downloads\OTL.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/10 20:24:36 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 16:20:25 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 19:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/08 22:16:57 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/26 12:10:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/20 21:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 20:14:22 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/23 19:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/12/01 16:07:10 | 001,096,688 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2011/12/01 16:07:08 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/11/14 15:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/09/18 08:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/09/15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/16 10:45:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/04 21:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 15:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/02/07 12:53:53 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\EX64.SYS -- (NAVEX15)
DRV - [2012/02/07 12:53:53 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/07 12:53:53 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/07 12:53:53 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120207.005\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120207.005\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 20:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/08 13:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/02/08 13:50:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 20:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]

[2011/08/16 10:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Extensions
[2011/11/10 07:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/08 13:50:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_4_3
[2012/02/08 13:50:10 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012/01/10 20:24:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/08 19:45:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 07:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 12:15:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XeroxRegistation] "C:\Users\Ethan\AppData\Local\Temp\Xerox\EReg\EReg.exe" /Startup File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ethan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137FC8D0-6C99-4BC7-8E4C-E7ACE85974A2}: DhcpNameServer = 50.20.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{466AA6F6-86F8-4E45-BF8F-49A0ED22BE2F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SMR250 - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMR250 - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{A8B3E642-EA35-4CC8-A655-ACF7385EFF5E} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B17E8EC3-9151-ED61-4CAB-8A86DE985B96} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 13:56:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/02/08 13:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/08 13:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/08 13:55:56 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ethan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 13:45:00 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Ethan\Desktop\aswMBR.exe
[2012/02/08 12:25:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 12:23:50 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ethan\Desktop\tdsskiller.exe
[2012/02/08 12:21:31 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/02/08 12:15:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/08 12:03:53 | 004,399,064 | R--- | C] (Swearware) -- C:\Users\Ethan\Desktop\ComboFix.exe
[2012/02/08 11:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/02/08 11:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/02/08 11:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/02/08 11:54:57 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/02/08 11:54:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/08 11:46:38 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/02/08 11:46:38 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/02/08 11:46:38 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/02/07 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\NPE
[2012/02/06 23:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F7068
[2012/02/06 23:04:46 | 000,339,608 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2012/02/06 23:04:46 | 000,145,432 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/02/06 23:04:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/02/06 23:04:36 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/02/06 22:17:04 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/02/06 22:17:04 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/02/06 22:17:04 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/02/06 22:17:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/02/06 22:17:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/02/06 22:17:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/02/06 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/06 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Avira
[2012/02/06 17:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/06 17:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/06 17:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/06 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Malwarebytes
[2012/02/06 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 13:30:24 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/05 17:35:26 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2012/02/04 12:02:46 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/02/04 11:17:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/04 11:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/04 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/04 11:10:48 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/02/04 11:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/04 00:49:31 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Symantec
[2012/02/03 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\The Mind that Lived On
[2012/01/31 09:39:55 | 001,096,688 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2012/01/31 09:39:55 | 000,453,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2012/01/31 09:39:54 | 000,367,912 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2012/01/31 09:39:52 | 000,230,952 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/31 09:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/30 20:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Moondrop
[2012/01/30 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Act One Application Materials
[2012/01/30 12:20:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/01/29 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/29 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/01/29 15:11:45 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Adobe
[2012/01/29 15:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/01/29 13:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/01/29 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/01/29 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/01/29 12:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/29 12:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/21 00:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/18 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/01/18 14:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2012/01/18 14:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/01/18 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/01/18 14:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2012/01/11 10:15:09 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/11 10:15:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/11 10:15:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/11 10:15:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/11 10:15:06 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/11 10:15:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/11 10:15:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/08 13:56:43 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 13:56:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ethan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 13:52:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/08 13:52:35 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 13:50:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 13:47:20 | 000,000,512 | ---- | M] () -- C:\Users\Ethan\Desktop\MBR.dat
[2012/02/08 13:45:32 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Ethan\Desktop\aswMBR.exe
[2012/02/08 12:23:52 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ethan\Desktop\tdsskiller.exe
[2012/02/08 12:15:13 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/02/08 12:04:01 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\Ethan\Desktop\ComboFix.exe
[2012/02/08 12:00:49 | 424,699,131 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/08 11:51:15 | 001,522,386 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/02/08 11:51:15 | 001,430,384 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2012/02/08 11:46:49 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/02/07 19:39:13 | 000,000,882 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.bak
[2012/02/07 19:28:45 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:45:08 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 18:44:36 | 000,002,128 | ---- | M] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:04 | 000,002,408 | ---- | M] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/07 17:21:38 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 17:21:38 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 23:01:09 | 000,732,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/06 23:01:09 | 000,628,320 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/06 23:01:09 | 000,108,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/04 11:24:23 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/02/01 11:23:25 | 000,126,412 | ---- | M] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2012/01/31 09:37:01 | 000,420,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/01/30 12:17:14 | 000,110,064 | ---- | M] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/27 22:52:38 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1207000.00D\isolate.ini
[2012/01/11 16:19:34 | 000,092,896 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/11 16:17:50 | 000,014,776 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/01/11 16:14:48 | 000,145,432 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/11 16:14:42 | 000,339,608 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/08 13:56:43 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 13:47:20 | 000,000,512 | ---- | C] () -- C:\Users\Ethan\Desktop\MBR.dat
[2012/02/08 12:00:49 | 424,699,131 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/08 11:55:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/02/08 11:55:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/02/08 11:55:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/02/08 11:55:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/02/08 11:55:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/08 11:46:49 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/02/07 19:28:45 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:44:34 | 000,002,128 | ---- | C] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:03 | 000,002,408 | ---- | C] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/04 11:24:23 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/01/31 09:39:56 | 001,522,386 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/01/30 12:17:17 | 000,110,064 | ---- | C] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/10 12:37:19 | 000,126,412 | ---- | C] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2011/10/20 08:09:44 | 000,232,465 | ---- | C] () -- C:\windows\hpwins22.dat
[2011/08/16 10:37:25 | 000,008,704 | ---- | C] () -- C:\Users\Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 21:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 21:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 21:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2009/10/14 10:38:37 | 000,002,940 | ---- | C] () -- C:\windows\hpwmdl22.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/06 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Adobe
[2011/11/22 10:01:49 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Amazon
[2012/02/03 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Apple Computer
[2012/02/06 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Avira
[2012/01/18 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/02/08 13:51:32 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Dropbox
[2012/02/06 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\dvdcss
[2011/08/15 21:17:45 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Google
[2011/08/15 21:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Identities
[2012/02/06 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Macromedia
[2012/02/06 13:35:32 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Malwarebytes
[2010/11/21 01:16:41 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Media Center Programs
[2012/02/07 10:27:22 | 000,000,000 | --SD | M] -- C:\Users\Ethan\AppData\Roaming\Microsoft
[2012/02/06 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Mozilla
[2012/01/29 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:13:29 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/02/06 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Skype
[2012/02/06 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Spotify
[2012/01/29 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/06 17:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/31 09:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/02/04 00:49:42 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Tific
[2011/10/19 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Toshiba
[2012/02/06 21:32:52 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\vlc
[2011/08/15 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\WinBatch
[2011/10/31 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Xerox


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/05 06:21:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/05 06:21:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/05 06:21:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/05 06:21:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/11/05 06:21:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/01/10 20:24:35 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/05 06:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/05 06:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/05 06:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/05 06:21:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/11/05 06:21:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 935 bytes -> C:\Users\Ethan\AppData\Local\Temp:o4PCm59QOkvdLb1Vwzlj7e
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1033 bytes -> C:\Users\Ethan\AppData\Local\Temp:WJ37HeClk8ljyF6CGAGxVFgCR

< End of report >




OTL Extras:

OTL Extras logfile created on: 2/8/2012 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ethan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 82.61% Memory free
11.90 Gb Paging File | 11.00 Gb Available in Paging File | 92.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 492.40 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Spotify" = Spotify
"VLC media player" = VLC media player 1.1.7
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-12c8406f-8028-4a08-96d1-abf954d93b48" = Polar Bowler
"WTA-5d252e2f-71c4-491c-bffd-fc5d9e6ccdf4" = Chuzzle Deluxe
"WTA-618602b8-3059-4976-9f51-12d35e76d4e0" = FATE - The Traitor Soul
"WTA-65a053fe-eebc-4bc0-aeeb-9d9fb847f91c" = Bejeweled 3
"WTA-6ca3a1cb-91b2-43e1-9c6b-857fbd4ff723" = Zuma's Revenge
"WTA-9ef9da39-dc02-4adf-b073-68ea24e3d085" = Penguins!
"WTA-a63c633f-fb4a-4922-bbba-d424f2c9299e" = Plants vs. Zombies - Game of the Year
"WTA-da7fd2d3-a541-4cc8-9734-f69057e554b0" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-f1e6c997-8964-4c4c-a93b-016fc2dadf43" = Tom Clancy's Splinter Cell
"Xerox_Support_Centre" = Xerox Support Centre
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 6:46:52 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11123

Error - 12/2/2011 6:46:53 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 6:46:53 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12261

Error - 12/2/2011 6:46:53 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12261

Error - 12/2/2011 11:09:06 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 11:09:06 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15745415

Error - 12/2/2011 11:09:06 AM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15745415

Error - 12/2/2011 2:12:21 PM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 2:12:21 PM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 12/2/2011 2:12:21 PM | Computer Name = Ethan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

[ System Events ]
Error - 2/6/2012 11:22:35 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/6/2012 11:22:43 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/6/2012 11:22:43 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/6/2012 11:22:43 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/6/2012 11:23:09 PM | Computer Name = Ethan-PC | Source = DCOM | ID = 10005
Description =

Error - 2/6/2012 11:37:11 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 2/6/2012 11:58:34 PM | Computer Name = Ethan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:56:35 PM on ?2/?6/?2012 was unexpected.

Error - 2/6/2012 11:58:40 PM | Computer Name = Ethan-PC | Source = BugCheck | ID = 1001
Description =

Error - 2/7/2012 12:11:53 AM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 2/7/2012 12:57:24 AM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >

Thank you so much for your help!
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
You are running at least two Anti-Viruses.
Avira Free Antivirus
Norton Internet Security
(Can't tell what PCTools is but if it is also an anti-virus then we don't want it.)

One is all you want. Avira appears broken and Norton is not updated so I assume it has expired.

I would download the free Avast:

http://www.avast.com...ivirus-download
The Norton removal tool:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Then uninstall both. Run the Norton Removal tool. Reboot and install Avast.
(Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Uninstall
Java™ 6 Update 26 (get the latest at: java.com)
Malwarebytes Anti-Malware version 1.60.1.1000 (I know we just uninstalled it but it will interfere with other fixes.)

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O4:64bit: - HKLM..\Run: [XeroxRegistation] "C:\Users\Ethan\AppData\Local\Temp\Xerox\EReg\EReg.exe" /Startup File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
@Alternate Data Stream - 935 bytes -> C:\Users\Ethan\AppData\Local\Temp:o4PCm59QOkvdLb1Vwzlj7e
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1033 bytes -> C:\Users\Ethan\AppData\Local\Temp:WJ37HeClk8ljyF6CGAGxVFgCR

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
net start bfe /c
net start mpssvc /c
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Please save the log and copy and paste it into a reply. (Post your reply before going on.) This OTL script will also create a file called winsock2.reg on your desktop. This is just an insurance file in case the next step does not work and you can't get on line after it. If that happens, right click on winsock2.reg and Merge. Reboot.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
[code]sfc  /scannow[/code]
(Wait for it to finish.  Does the sfc command finish without complaints?)
[code]
netsh  winsock  reset catalog[/code]


Reboot and see if you can get on line OK. If not use winsock2.reg. If that fails then do a System Restore to the newest restore point.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Run OTL, Quickscan and post the log.
  • 0

#5
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Norton Antivirus has not expired. The infection, or possibly the other antivirus software, make it unable to upgrade. I will run the removal tool and download avast.
  • 0

#6
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Norton and Avira uninstalled.

Neither PC Tools nor Java 6 Update 26 could be uninstalled. PC Tools says it is being used by another program, though nothing else is open. For Java it says the Windows Installer Service could not be accessed because the Installer may not be correctly installed.

After uninstalling MBAM, my computer became unable to access any website, including this one. I have internet access, but the browser will not go to any website.

Next course of action?
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

netsh  winsock  reset  catalog

netsh  int ipv4  reset  \reset4.log

Reboot

Did that help?
  • 0

#8
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
That did work! Thank you!

Here's the OTL log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XeroxRegistation deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
ADS C:\Users\Ethan\AppData\Local\Temp:o4PCm59QOkvdLb1Vwzlj7e deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\Users\Ethan\AppData\Local\Temp:WJ37HeClk8ljyF6CGAGxVFgCR deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
The operation completed successfully.
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< net start bfe /c >
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
< net start mpssvc /c >
C:\Users\Ethan\Desktop\cmd.bat deleted successfully.
C:\Users\Ethan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ethan
->Flash cache emptied: 130406 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Ethan
->Java cache emptied: 26400 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02092012_105249

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#9
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
VEW System Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/02/2012 11:19:17 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/02/2012 5:15:53 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 09/02/2012 5:15:33 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 09/02/2012 5:15:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 09/02/2012 5:15:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 09/02/2012 5:15:33 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/02/2012 5:14:33 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 09/02/2012 5:14:33 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll






VEW Application Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/02/2012 11:20:31 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/02/2012 5:15:56 PM
Type: Error Category: 0
Event: 0 Source: Toshiba App Place
The event description cannot be found.

Log: 'Application' Date/Time: 09/02/2012 5:15:35 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [bbcf0586-8b94-46eb-a2b4-c5fefbce2751]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [01d4f272-71b8-489b-85d3-97c263eac3b7]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [1df917db-3056-41af-bbac-0489a6b63d4d]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [e4b859d8-de3c-4f9a-b55d-cdc1253ccbdb]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [9647eec5-422f-4913-a77c-47f6c08b9409]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [bb62892f-f03c-465a-87a4-3748828861bc]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:08 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:07 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:07 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:07 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:07 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 5:17:07 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]






OTL Log:

OTL logfile created on: 2/9/2012 11:21:33 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ethan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 73.67% Memory free
11.90 Gb Paging File | 10.23 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.98 Gb Total Space | 492.76 Gb Free Space | 84.81% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 21:37:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Desktop\OTL.exe
PRC - [2012/01/10 20:24:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 22:16:57 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/01 18:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ethan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/17 20:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/10 20:24:36 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 05:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 05:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/20 19:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/08 22:16:57 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/26 12:10:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 20:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/23 19:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/12/01 16:07:10 | 001,096,688 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2011/12/01 16:07:08 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/14 15:12:28 | 000,367,912 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/04/04 21:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 15:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/08 20:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 20:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/06 21:26:19 | 000,000,000 | ---D | M]

[2011/08/16 10:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Extensions
[2011/11/10 07:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/08 20:43:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/10 20:24:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/08 19:45:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 07:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 12:15:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ethan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137FC8D0-6C99-4BC7-8E4C-E7ACE85974A2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{466AA6F6-86F8-4E45-BF8F-49A0ED22BE2F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 11:17:43 | 000,061,440 | ---- | C] ( ) -- C:\Users\Ethan\Desktop\VEW.exe
[2012/02/09 10:52:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/08 20:50:11 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\ElevatedDiagnostics
[2012/02/08 20:43:23 | 000,591,192 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/02/08 20:43:23 | 000,304,472 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/02/08 20:43:23 | 000,066,904 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/02/08 20:43:23 | 000,058,712 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/02/08 20:43:23 | 000,042,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2012/02/08 20:43:23 | 000,024,408 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/02/08 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/08 20:43:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/02/08 20:43:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/02/08 20:35:48 | 000,256,960 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/02/08 20:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 20:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/08 13:55:56 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ethan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 13:45:00 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Ethan\Desktop\aswMBR.exe
[2012/02/08 12:25:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 12:23:50 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ethan\Desktop\tdsskiller.exe
[2012/02/08 12:21:31 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/02/08 12:15:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/08 12:03:53 | 004,399,064 | R--- | C] (Swearware) -- C:\Users\Ethan\Desktop\ComboFix.exe
[2012/02/08 11:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/02/08 11:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/02/08 11:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/02/08 11:54:57 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/02/08 11:54:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 21:37:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ethan\Desktop\OTL.exe
[2012/02/07 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\NPE
[2012/02/06 23:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F7068
[2012/02/06 23:04:46 | 000,339,608 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2012/02/06 23:04:46 | 000,145,432 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/02/06 23:04:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/02/06 23:04:36 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/02/06 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/06 17:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/06 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Malwarebytes
[2012/02/06 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 13:30:24 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/05 17:35:26 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2012/02/04 12:02:46 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/02/04 11:17:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/04 11:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/04 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/04 11:10:48 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/02/04 11:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/04 00:49:31 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Symantec
[2012/02/03 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\The Mind that Lived On
[2012/01/31 09:39:55 | 001,096,688 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2012/01/31 09:39:55 | 000,453,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2012/01/31 09:39:54 | 000,367,912 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2012/01/31 09:39:52 | 000,230,952 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/31 09:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/01/31 09:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/30 20:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Moondrop
[2012/01/30 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Act One Application Materials
[2012/01/30 12:20:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/01/29 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/29 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\PACE Anti-Piracy
[2012/01/29 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/01/29 15:11:45 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Documents\Adobe
[2012/01/29 15:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/01/29 13:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/01/29 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/01/29 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/01/29 12:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/29 12:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/21 00:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/21 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/18 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/01/18 14:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2012/01/18 14:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/01/18 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/01/18 14:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 11:22:46 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/09 11:22:46 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/09 11:21:54 | 000,732,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/09 11:21:54 | 000,628,320 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/09 11:21:54 | 000,108,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/09 11:17:44 | 000,061,440 | ---- | M] ( ) -- C:\Users\Ethan\Desktop\VEW.exe
[2012/02/09 11:15:29 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 11:15:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/09 11:15:04 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/09 10:52:53 | 000,144,140 | ---- | M] () -- C:\Users\Ethan\Desktop\winsock2.reg
[2012/02/09 10:45:22 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 20:43:24 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/08 20:43:23 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/02/08 20:21:43 | 064,207,032 | ---- | M] () -- C:\Users\Ethan\Desktop\setup_av_free.exe
[2012/02/08 13:56:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ethan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 13:47:20 | 000,000,512 | ---- | M] () -- C:\Users\Ethan\Desktop\MBR.dat
[2012/02/08 13:45:32 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Ethan\Desktop\aswMBR.exe
[2012/02/08 12:23:52 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ethan\Desktop\tdsskiller.exe
[2012/02/08 12:15:13 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/02/08 12:04:01 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\Ethan\Desktop\ComboFix.exe
[2012/02/08 12:00:49 | 424,699,131 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/08 11:51:15 | 001,522,386 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/02/08 11:51:15 | 001,430,384 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2012/02/07 21:37:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Desktop\OTL.exe
[2012/02/07 19:39:13 | 000,000,882 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.bak
[2012/02/07 19:28:45 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:44:36 | 000,002,128 | ---- | M] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:04 | 000,002,408 | ---- | M] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/04 11:24:23 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/02/01 11:23:25 | 000,126,412 | ---- | M] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2012/01/31 09:37:01 | 000,420,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/01/30 12:17:14 | 000,110,064 | ---- | M] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/27 22:52:38 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1207000.00D\isolate.ini
[2012/01/11 16:19:34 | 000,092,896 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/11 16:17:50 | 000,014,776 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/01/11 16:14:48 | 000,145,432 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/11 16:14:42 | 000,339,608 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/09 10:52:53 | 000,144,140 | ---- | C] () -- C:\Users\Ethan\Desktop\winsock2.reg
[2012/02/08 20:43:24 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/08 20:35:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012/02/08 20:14:54 | 064,207,032 | ---- | C] () -- C:\Users\Ethan\Desktop\setup_av_free.exe
[2012/02/08 13:47:20 | 000,000,512 | ---- | C] () -- C:\Users\Ethan\Desktop\MBR.dat
[2012/02/08 12:00:49 | 424,699,131 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/08 11:55:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/02/08 11:55:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/02/08 11:55:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/02/08 11:55:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/02/08 11:55:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/07 19:28:45 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/02/07 18:44:34 | 000,002,128 | ---- | C] () -- C:\{E6C099A2-4BBB-4D19-9089-22E1896190D3}
[2012/02/07 18:39:03 | 000,002,408 | ---- | C] () -- C:\{6DE5C8F7-2E84-44B7-8964-FD6B45FFF7C5}
[2012/02/04 11:24:23 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/01/31 09:39:56 | 001,522,386 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/01/30 12:17:17 | 000,110,064 | ---- | C] () -- C:\Users\Ethan\Desktop\2012-WP-Application.pdf
[2012/01/10 12:37:19 | 000,126,412 | ---- | C] () -- C:\Users\Ethan\Desktop\Resume.pdf
[2011/10/20 08:09:44 | 000,232,465 | ---- | C] () -- C:\windows\hpwins22.dat
[2011/08/16 10:37:25 | 000,008,704 | ---- | C] () -- C:\Users\Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 21:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 21:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 21:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2009/10/14 10:38:37 | 000,002,940 | ---- | C] () -- C:\windows\hpwmdl22.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/22 10:01:49 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Amazon
[2012/01/18 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Canon
[2012/02/09 11:16:00 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Dropbox
[2012/01/29 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\PACE Anti-Piracy
[2012/01/29 15:13:29 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/02/06 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Spotify
[2012/01/29 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/31 09:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\TestApp
[2012/02/04 00:49:42 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Tific
[2011/10/19 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Toshiba
[2011/08/15 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\WinBatch
[2011/10/31 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Xerox
[2012/02/07 17:13:30 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Looks like the malware is gone but it damaged your registry a bit.


BFE. This service might not be installed.



Download and Save the attached BFE64.zip file. Right click on it and Extract All. This will create a folder called BFE64. Inside the folder will be two files. BFE64.reg and mpssvc.reg.

Right click on BFE64.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Right click on mpssvc.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Reboot.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(We want it to say
"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

but it likely will say Access Denied. If you get Access Denied then:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the
net  start  bfe
command again and see if BFE has already been started.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(also check the mpssvc which is Windows Firewall)

net  start  mpssvc

  • 0

#11
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All right, both requested services have already been started.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#13
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
VEW System Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/02/2012 2:06:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/02/2012 7:51:49 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 09/02/2012 7:51:49 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/02/2012 7:50:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 09/02/2012 7:50:56 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll




VEW Application Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/02/2012 2:07:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/02/2012 7:52:09 PM
Type: Error Category: 0
Event: 0 Source: Toshiba App Place
The event description cannot be found.

Log: 'Application' Date/Time: 09/02/2012 7:52:00 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [bbcf0586-8b94-46eb-a2b4-c5fefbce2751]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [01d4f272-71b8-489b-85d3-97c263eac3b7]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [1df917db-3056-41af-bbac-0489a6b63d4d]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [e4b859d8-de3c-4f9a-b55d-cdc1253ccbdb]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [9647eec5-422f-4913-a77c-47f6c08b9409]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [bb62892f-f03c-465a-87a4-3748828861bc]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 09/02/2012 7:53:22 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]



Thanks!
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP

The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.


You probably should uninstall PC Tools Security Service since it is not working correctly. Other than that it looks good. Is it working OK now? If so then it's cleanup time:


We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#15
plasmasphinx

plasmasphinx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you so much for your help. My computer is cured! Excellent job.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP