
Need help removing trojan.gen.2, trojan.gen and trojan.zeroaccess.b [S


  • This topic is locked

#1
adiii

  • Member
  • 47 posts
I've tried a norton full system scan and also malwarebytes, but it keeps coming back. Please help.


#2
WhiteHat

  • Trusted Helper
  • Retired Staff
  • 1,925 posts
Hello adiii and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this, be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left-hand column, click Notification Options. On the new page that opens, under the Notification Preferences section, click Watch every topic I reply to and set the notification type to Immediate Notification.



#3
WhiteHat

  • Trusted Helper
  • Retired Staff
  • 1,925 posts
# Step 1 #
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


# Step 2 #
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#4
adiii

  • Topic Starter
  • Member
  • 47 posts
Hi WhiteHat. Here you go.

OTL logfile created on: 7/22/2012 12:15:55 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.10% Memory free
3.99 Gb Paging File | 1.90 Gb Available in Paging File | 47.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 128.11 Gb Free Space | 55.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:37:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/12 22:58:32 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/27 13:22:52 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 00:35:03 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/02/03 09:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/27 23:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/04/26 21:56:10 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/04/11 12:19:48 | 004,443,136 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/10 19:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 13:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/22 14:46:54 | 000,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/20 14:03:08 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 22:58:32 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/15 00:14:29 | 000,518,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\8b0dba4627840c06841ab04757ade525\TCrdMain.ni.exe
MOD - [2012/06/14 19:36:41 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 19:36:22 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 19:35:08 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 19:31:28 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 04:36:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 04:36:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 04:35:59 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 04:35:49 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/10 10:42:59 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/08 18:50:04 | 003,565,056 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\System32\ac3filter.acm
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/04/25 00:57:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/04/23 13:38:08 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
MOD - [2007/04/11 12:19:48 | 004,443,136 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2006/12/01 21:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/11/09 21:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 21:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2012/07/20 14:03:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 22:58:43 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 00:35:03 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/04/27 23:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/21 15:05:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120720.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/30 22:33:40 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/30 22:33:39 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/26 02:55:58 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120721.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/26 02:55:58 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120721.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 00:14:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/11/10 12:26:00 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/22 10:24:38 | 000,036,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/13 19:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/27 23:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/25 01:07:14 | 002,590,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/13 00:47:54 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 23:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006/02/14 14:50:00 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/01/07 11:09:50 | 000,007,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Samhid.sys -- (samhid)
DRV - [2005/09/27 19:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {89147D9E-47BE-4619-878F-7F1FCB3AE306}
IE - HKLM\..\SearchScopes\{89147D9E-47BE-4619-878F-7F1FCB3AE306}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {89147D9E-47BE-4619-878F-7F1FCB3AE306}
IE - HKCU\..\SearchScopes\{21619D07-1073-43D8-8A76-3357C73CABCB}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{300FEB6E-EEF5-4839-82FF-BD0003547B18}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{802478AF-EFC6-4801-BD74-14247C7C96F7}: "URL" = http://search.yahoo....}&fr=chr-ygames
IE - HKCU\..\SearchScopes\{89147D9E-47BE-4619-878F-7F1FCB3AE306}: "URL" = http://www.google.co...1I7TSHB_enUS236
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=17
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E65DA6BB-45F0-4344-8CEB-43393F4BA081}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\owner\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\owner\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/01/31 21:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_10_1 [2012/07/21 15:49:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/01 18:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 09:44:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 14:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/17 00:14:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\owner\AppData\Roaming\Move Networks [2010/01/01 10:56:07 | 000,000,000 | ---D | M]

[2008/12/28 12:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2012/05/20 16:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions
[2010/06/01 21:30:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 21:18:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/20 16:41:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/11 22:00:49 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\[email protected]
[2011/01/08 01:51:38 | 000,002,470 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drkj3dog.default\searchplugins\safesearch.xml
[2012/07/21 01:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 22:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/21 15:49:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_10_1
[2012/01/31 21:12:21 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012/07/20 14:03:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 23:43:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/28 12:51:58 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2012/06/18 20:22:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 20:22:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/09/09 21:30:25 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; .NET CLR 3.0.30729; yie8)" -"http://www.candystan...home-run-rally" File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blackpeoplemeet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFCDD09-5BDC-4A7F-B180-94BC0B24034A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Desktop Software - hkey= - key= - C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 23:37:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/07/21 13:51:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/20 02:22:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FixZeroAccess
[2012/07/20 00:47:00 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\FixZeroAccess.exe
[2012/07/18 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\NPE
[2012/07/11 22:58:14 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 22:05:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 22:05:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 22:05:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 22:05:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 22:05:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 22:05:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 22:05:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 20:45:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/05 01:35:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Skype
[2012/07/04 23:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/04 23:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/07/04 23:27:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/07/04 23:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 00:16:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 00:16:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 00:06:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 00:06:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 23:37:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/07/21 22:06:00 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/07/21 22:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 15:50:44 | 000,003,128 | ---- | M] () -- C:\{F4797981-02AF-428E-A765-754D0DB18751}
[2012/07/21 15:48:30 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 15:45:52 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/07/21 15:45:51 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/07/21 15:45:04 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 15:32:23 | 000,001,356 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2012/07/21 15:05:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/21 02:32:58 | 000,003,168 | ---- | M] () -- C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671}
[2012/07/20 23:40:54 | 000,003,168 | ---- | M] () -- C:\{02FC3C85-BC25-49B9-BBAC-3C147A19DB6B}
[2012/07/20 23:32:51 | 000,003,168 | ---- | M] () -- C:\{AE4F983F-AD3B-44CB-8369-72777CCF9225}
[2012/07/20 23:31:32 | 000,003,168 | ---- | M] () -- C:\{49843135-F970-47CA-9773-1BEA8146003D}
[2012/07/20 23:30:11 | 000,003,160 | ---- | M] () -- C:\{25C84DC3-D432-491A-9C88-6C1E880F841E}
[2012/07/20 23:28:52 | 000,003,168 | ---- | M] () -- C:\{0703E6FE-DCBE-4A6D-BB8B-6F26585ABDF2}
[2012/07/20 23:27:14 | 000,003,168 | ---- | M] () -- C:\{172D16FF-1F6C-412B-821D-11F795C7FCE6}
[2012/07/20 23:25:38 | 000,003,192 | ---- | M] () -- C:\{98A4F8BF-BC08-4429-AA03-CD12FCE3F766}
[2012/07/20 23:23:04 | 000,003,168 | ---- | M] () -- C:\{E2728F82-2C61-4BCC-8E4E-E1BAC63902D9}
[2012/07/20 22:48:17 | 000,003,192 | ---- | M] () -- C:\{0FF10280-BFFC-45F4-A35B-851A614E8555}
[2012/07/20 21:32:18 | 000,003,168 | ---- | M] () -- C:\{B1734447-E7E2-41A1-AFF7-00D8CA9AC224}
[2012/07/20 21:31:08 | 000,003,192 | ---- | M] () -- C:\{68522BF9-0388-45FD-A351-437B7E39F3BC}
[2012/07/20 20:53:00 | 000,003,192 | ---- | M] () -- C:\{F8EE753C-A82A-4096-A211-41CC35E44794}
[2012/07/20 20:52:59 | 000,002,464 | ---- | M] () -- C:\{0F1D25AE-AF68-4994-A939-C1B877CA8E5A}
[2012/07/20 20:50:57 | 000,003,160 | ---- | M] () -- C:\{E34D0970-97CF-4FCB-AC79-A057B5B83843}
[2012/07/20 20:49:18 | 000,003,168 | ---- | M] () -- C:\{50AAECBA-03E8-46CF-B973-6F5C1F15EFC5}
[2012/07/20 20:43:25 | 000,003,192 | ---- | M] () -- C:\{2A74AE8E-BDE1-4C97-AB83-2A65A633C5F8}
[2012/07/20 20:42:09 | 000,003,168 | ---- | M] () -- C:\{FCFCD298-AFC8-4031-A971-4BC6FB5C0E6A}
[2012/07/20 20:40:26 | 000,003,168 | ---- | M] () -- C:\{9C6F7F4B-8968-43EA-B8E6-19B23C4E4FA7}
[2012/07/20 20:26:00 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 20:00:49 | 000,003,192 | ---- | M] () -- C:\{2326045C-366B-4E8E-B60C-DDF70650FE27}
[2012/07/20 02:30:26 | 000,003,192 | ---- | M] () -- C:\{A855009F-34C2-4DEC-A4DB-18793F7ADC23}
[2012/07/20 00:47:02 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\FixZeroAccess.exe
[2012/07/18 19:20:46 | 000,003,192 | ---- | M] () -- C:\{98AB9C6F-5E6B-44F4-A09A-D0B2CEE95776}
[2012/07/18 05:18:26 | 000,003,168 | ---- | M] () -- C:\{35A52861-7BAF-4A80-992D-30925ADF5EE1}
[2012/07/18 05:10:30 | 000,003,168 | ---- | M] () -- C:\{3CF5315D-4D73-44F2-A5D2-662D016C698A}
[2012/07/18 05:08:36 | 000,003,168 | ---- | M] () -- C:\{78AC8E6E-F62F-4D9E-8AFE-8218316A867D}
[2012/07/18 04:51:15 | 000,003,168 | ---- | M] () -- C:\{EEDB5512-5B27-41BB-BAED-5FDB81B94439}
[2012/07/18 04:15:23 | 000,003,168 | ---- | M] () -- C:\{B2F58096-3B54-4F81-A5CB-BCDB1CA8E9C8}
[2012/07/18 03:56:33 | 000,003,192 | ---- | M] () -- C:\{B4B4E2B6-196D-438B-A08D-A40BD4BE5323}
[2012/07/18 03:37:50 | 000,003,168 | ---- | M] () -- C:\{B2FC7829-2EA3-4B10-9DCB-80BF3D68F852}
[2012/07/18 03:36:41 | 000,003,192 | ---- | M] () -- C:\{F1140557-A947-449A-85C7-C733E3220169}
[2012/07/18 02:53:59 | 000,003,192 | ---- | M] () -- C:\{A9CFB260-1C5B-4965-B0F4-B7E4F22203F5}
[2012/07/18 02:28:50 | 000,003,160 | ---- | M] () -- C:\{57B206EB-177E-44C3-A8E9-117A711A5B53}
[2012/07/18 02:26:38 | 000,003,168 | ---- | M] () -- C:\{9A711070-2854-498D-B7C2-0D0477A64530}
[2012/07/18 02:25:20 | 000,003,168 | ---- | M] () -- C:\{9B66C1D4-7CF2-4E8F-AED2-0A3877B43008}
[2012/07/18 02:16:08 | 000,003,168 | ---- | M] () -- C:\{EC4AD8BB-3761-4E1B-A4B4-2371E901D8A8}
[2012/07/18 02:05:03 | 000,003,168 | ---- | M] () -- C:\{99AECE6E-7740-44DB-8695-79EEF4631A75}
[2012/07/18 02:03:42 | 000,003,192 | ---- | M] () -- C:\{6BD5900C-EEA0-4E3D-9A5F-608B47C08BA2}
[2012/07/18 01:36:53 | 000,003,168 | ---- | M] () -- C:\{3B332147-7ED6-42C5-96D0-79AF3F20C510}
[2012/07/18 01:11:00 | 000,003,168 | ---- | M] () -- C:\{5A1883F0-A816-414D-8D71-E729D33B72A7}
[2012/07/18 01:04:24 | 000,003,192 | ---- | M] () -- C:\{C5D43213-7AEC-4FAF-99B5-909D787C0FF3}
[2012/07/18 00:37:57 | 000,003,192 | ---- | M] () -- C:\{19243217-DCC9-406D-8E8D-8388F331CCD9}
[2012/07/18 00:31:56 | 000,003,168 | ---- | M] () -- C:\{72924E0D-457C-4366-B8B0-9C9F43C73209}
[2012/07/18 00:30:18 | 000,003,168 | ---- | M] () -- C:\{6F95C386-9376-4466-8EE7-BBCC49E08E4E}
[2012/07/12 22:58:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 22:58:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/12 21:49:02 | 000,326,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/04 23:51:29 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 15:50:44 | 000,003,128 | ---- | C] () -- C:\{F4797981-02AF-428E-A765-754D0DB18751}
[2012/07/21 15:45:04 | 2011,217,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/21 13:21:28 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\L\00000004.@
[2012/07/21 02:32:57 | 000,003,168 | ---- | C] () -- C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671}
[2012/07/20 23:40:54 | 000,003,168 | ---- | C] () -- C:\{02FC3C85-BC25-49B9-BBAC-3C147A19DB6B}
[2012/07/20 23:32:50 | 000,003,168 | ---- | C] () -- C:\{AE4F983F-AD3B-44CB-8369-72777CCF9225}
[2012/07/20 23:31:32 | 000,003,168 | ---- | C] () -- C:\{49843135-F970-47CA-9773-1BEA8146003D}
[2012/07/20 23:30:11 | 000,003,160 | ---- | C] () -- C:\{25C84DC3-D432-491A-9C88-6C1E880F841E}
[2012/07/20 23:28:51 | 000,003,168 | ---- | C] () -- C:\{0703E6FE-DCBE-4A6D-BB8B-6F26585ABDF2}
[2012/07/20 23:27:14 | 000,003,168 | ---- | C] () -- C:\{172D16FF-1F6C-412B-821D-11F795C7FCE6}
[2012/07/20 23:25:37 | 000,003,192 | ---- | C] () -- C:\{98A4F8BF-BC08-4429-AA03-CD12FCE3F766}
[2012/07/20 23:23:04 | 000,003,168 | ---- | C] () -- C:\{E2728F82-2C61-4BCC-8E4E-E1BAC63902D9}
[2012/07/20 22:48:17 | 000,003,192 | ---- | C] () -- C:\{0FF10280-BFFC-45F4-A35B-851A614E8555}
[2012/07/20 21:32:18 | 000,003,168 | ---- | C] () -- C:\{B1734447-E7E2-41A1-AFF7-00D8CA9AC224}
[2012/07/20 21:31:07 | 000,003,192 | ---- | C] () -- C:\{68522BF9-0388-45FD-A351-437B7E39F3BC}
[2012/07/20 20:52:59 | 000,003,192 | ---- | C] () -- C:\{F8EE753C-A82A-4096-A211-41CC35E44794}
[2012/07/20 20:52:59 | 000,002,464 | ---- | C] () -- C:\{0F1D25AE-AF68-4994-A939-C1B877CA8E5A}
[2012/07/20 20:50:57 | 000,003,160 | ---- | C] () -- C:\{E34D0970-97CF-4FCB-AC79-A057B5B83843}
[2012/07/20 20:49:04 | 000,003,168 | ---- | C] () -- C:\{50AAECBA-03E8-46CF-B973-6F5C1F15EFC5}
[2012/07/20 20:43:22 | 000,003,192 | ---- | C] () -- C:\{2A74AE8E-BDE1-4C97-AB83-2A65A633C5F8}
[2012/07/20 20:42:09 | 000,003,168 | ---- | C] () -- C:\{FCFCD298-AFC8-4031-A971-4BC6FB5C0E6A}
[2012/07/20 20:40:26 | 000,003,168 | ---- | C] () -- C:\{9C6F7F4B-8968-43EA-B8E6-19B23C4E4FA7}
[2012/07/20 20:26:00 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 20:00:49 | 000,003,192 | ---- | C] () -- C:\{2326045C-366B-4E8E-B60C-DDF70650FE27}
[2012/07/20 02:30:25 | 000,003,192 | ---- | C] () -- C:\{A855009F-34C2-4DEC-A4DB-18793F7ADC23}
[2012/07/18 19:20:36 | 000,003,192 | ---- | C] () -- C:\{98AB9C6F-5E6B-44F4-A09A-D0B2CEE95776}
[2012/07/18 05:18:24 | 000,003,168 | ---- | C] () -- C:\{35A52861-7BAF-4A80-992D-30925ADF5EE1}
[2012/07/18 05:10:29 | 000,003,168 | ---- | C] () -- C:\{3CF5315D-4D73-44F2-A5D2-662D016C698A}
[2012/07/18 05:08:32 | 000,003,168 | ---- | C] () -- C:\{78AC8E6E-F62F-4D9E-8AFE-8218316A867D}
[2012/07/18 04:51:14 | 000,003,168 | ---- | C] () -- C:\{EEDB5512-5B27-41BB-BAED-5FDB81B94439}
[2012/07/18 04:15:22 | 000,003,168 | ---- | C] () -- C:\{B2F58096-3B54-4F81-A5CB-BCDB1CA8E9C8}
[2012/07/18 03:56:29 | 000,003,192 | ---- | C] () -- C:\{B4B4E2B6-196D-438B-A08D-A40BD4BE5323}
[2012/07/18 03:37:49 | 000,003,168 | ---- | C] () -- C:\{B2FC7829-2EA3-4B10-9DCB-80BF3D68F852}
[2012/07/18 03:36:40 | 000,003,192 | ---- | C] () -- C:\{F1140557-A947-449A-85C7-C733E3220169}
[2012/07/18 02:53:58 | 000,003,192 | ---- | C] () -- C:\{A9CFB260-1C5B-4965-B0F4-B7E4F22203F5}
[2012/07/18 02:28:48 | 000,003,160 | ---- | C] () -- C:\{57B206EB-177E-44C3-A8E9-117A711A5B53}
[2012/07/18 02:26:30 | 000,003,168 | ---- | C] () -- C:\{9A711070-2854-498D-B7C2-0D0477A64530}
[2012/07/18 02:25:16 | 000,003,168 | ---- | C] () -- C:\{9B66C1D4-7CF2-4E8F-AED2-0A3877B43008}
[2012/07/18 02:16:06 | 000,003,168 | ---- | C] () -- C:\{EC4AD8BB-3761-4E1B-A4B4-2371E901D8A8}
[2012/07/18 02:05:02 | 000,003,168 | ---- | C] () -- C:\{99AECE6E-7740-44DB-8695-79EEF4631A75}
[2012/07/18 02:03:40 | 000,003,192 | ---- | C] () -- C:\{6BD5900C-EEA0-4E3D-9A5F-608B47C08BA2}
[2012/07/18 01:36:52 | 000,003,168 | ---- | C] () -- C:\{3B332147-7ED6-42C5-96D0-79AF3F20C510}
[2012/07/18 01:10:58 | 000,003,168 | ---- | C] () -- C:\{5A1883F0-A816-414D-8D71-E729D33B72A7}
[2012/07/18 01:04:21 | 000,003,192 | ---- | C] () -- C:\{C5D43213-7AEC-4FAF-99B5-909D787C0FF3}
[2012/07/18 00:37:57 | 000,003,192 | ---- | C] () -- C:\{19243217-DCC9-406D-8E8D-8388F331CCD9}
[2012/07/18 00:31:55 | 000,003,168 | ---- | C] () -- C:\{72924E0D-457C-4366-B8B0-9C9F43C73209}
[2012/07/18 00:30:16 | 000,003,168 | ---- | C] () -- C:\{6F95C386-9376-4466-8EE7-BBCC49E08E4E}
[2012/07/04 23:27:19 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/11 19:50:32 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\@
[2012/01/11 19:50:32 | 000,002,048 | -HS- | C] () -- C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\@
[2011/12/13 14:15:57 | 000,000,000 | ---- | C] () -- C:\Users\owner\InstallerControl_setup_exe.zjem6qs.partial
[2011/12/13 13:46:43 | 000,000,000 | ---- | C] () -- C:\Users\owner\InstallerControl_setup_exe.efv3v46.partial
[2011/11/07 23:52:36 | 000,035,196 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2011/09/26 20:07:20 | 000,174,432 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/09/26 20:07:20 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/05/24 00:19:35 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/01 21:10:53 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/04/12 22:41:30 | 000,011,396 | -HS- | C] () -- C:\Users\owner\AppData\Local\aB6G3tn
[2010/04/12 22:41:30 | 000,011,396 | -HS- | C] () -- C:\ProgramData\aB6G3tn
[2010/03/11 00:33:46 | 000,007,992 | -HS- | C] () -- C:\Users\owner\AppData\Local\7Nadb2
[2009/11/04 23:41:28 | 003,874,252 | R--- | C] () -- C:\Users\owner\Video0045.mp4
[2008/10/09 16:39:10 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2007/12/19 23:47:28 | 000,000,632 | RHS- | C] () -- C:\Users\owner\ntuser.pol
[2007/10/27 00:07:10 | 000,601,728 | ---- | C] () -- C:\Users\owner\ampx_2_6_1_11_en.exe
[2007/09/13 21:40:03 | 000,013,312 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHX2250BT ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 231.00GB
Starting Offset: 1573912576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/16 19:47:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/07/21 15:45:04 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2008/02/16 10:57:28 | 000,000,164 | ---- | M] () -- C:\install.dat
[2008/01/21 15:46:07 | 000,000,494 | -H-- | M] () -- C:\IPH.PH
[2011/03/03 22:47:25 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/09/14 20:33:08 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/09/14 20:33:08 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2008/10/30 21:33:37 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2008/10/30 21:33:38 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{c6126d33-a6e0-11dd-a46c-001b381bb6e7}.TM.blf
[2008/10/30 21:33:38 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c6126d33-a6e0-11dd-a46c-001b381bb6e7}.TMContainer00000000000000000001.regtrans-ms
[2008/10/30 21:33:38 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c6126d33-a6e0-11dd-a46c-001b381bb6e7}.TMContainer00000000000000000002.regtrans-ms
[2009/09/14 20:33:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{c6126d37-a6e0-11dd-a46c-001b381bb6e7}.TM.blf
[2009/09/14 20:33:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c6126d37-a6e0-11dd-a46c-001b381bb6e7}.TMContainer00000000000000000001.regtrans-ms
[2008/10/30 21:33:38 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c6126d37-a6e0-11dd-a46c-001b381bb6e7}.TMContainer00000000000000000002.regtrans-ms
[2012/07/21 15:44:59 | 2325,024,768 | -HS- | M] () -- C:\pagefile.sys
[2009/09/09 21:30:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/09/09 21:30:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2012/07/21 13:49:39 | 000,000,395 | ---- | M] () -- C:\rkill.log
[2012/07/21 13:46:38 | 000,123,962 | ---- | M] () -- C:\TDSSKiller.2.7.46.0_21.07.2012_13.44.46_log.txt
[2008/10/05 15:11:55 | 000,000,118 | ---- | M] () -- C:\tmp2.reg
[2007/09/11 22:46:56 | 000,000,158 | ---- | M] () -- C:\YServer.txt
[2012/07/20 23:40:54 | 000,003,168 | ---- | M] () -- C:\{02FC3C85-BC25-49B9-BBAC-3C147A19DB6B}
[2012/07/20 23:28:52 | 000,003,168 | ---- | M] () -- C:\{0703E6FE-DCBE-4A6D-BB8B-6F26585ABDF2}
[2012/07/20 20:52:59 | 000,002,464 | ---- | M] () -- C:\{0F1D25AE-AF68-4994-A939-C1B877CA8E5A}
[2012/07/20 22:48:17 | 000,003,192 | ---- | M] () -- C:\{0FF10280-BFFC-45F4-A35B-851A614E8555}
[2012/07/20 23:27:14 | 000,003,168 | ---- | M] () -- C:\{172D16FF-1F6C-412B-821D-11F795C7FCE6}
[2012/07/18 00:37:57 | 000,003,192 | ---- | M] () -- C:\{19243217-DCC9-406D-8E8D-8388F331CCD9}
[2012/07/20 20:00:49 | 000,003,192 | ---- | M] () -- C:\{2326045C-366B-4E8E-B60C-DDF70650FE27}
[2012/07/20 23:30:11 | 000,003,160 | ---- | M] () -- C:\{25C84DC3-D432-491A-9C88-6C1E880F841E}
[2012/07/20 20:43:25 | 000,003,192 | ---- | M] () -- C:\{2A74AE8E-BDE1-4C97-AB83-2A65A633C5F8}
[2012/07/18 05:18:26 | 000,003,168 | ---- | M] () -- C:\{35A52861-7BAF-4A80-992D-30925ADF5EE1}
[2012/07/18 01:36:53 | 000,003,168 | ---- | M] () -- C:\{3B332147-7ED6-42C5-96D0-79AF3F20C510}
[2012/07/18 05:10:30 | 000,003,168 | ---- | M] () -- C:\{3CF5315D-4D73-44F2-A5D2-662D016C698A}
[2012/07/20 23:31:32 | 000,003,168 | ---- | M] () -- C:\{49843135-F970-47CA-9773-1BEA8146003D}
[2012/07/20 20:49:18 | 000,003,168 | ---- | M] () -- C:\{50AAECBA-03E8-46CF-B973-6F5C1F15EFC5}
[2011/09/04 03:59:57 | 000,001,760 | ---- | M] () -- C:\{572D4D0D-4615-4E46-85E8-659EC2E2C62E}
[2012/07/18 02:28:50 | 000,003,160 | ---- | M] () -- C:\{57B206EB-177E-44C3-A8E9-117A711A5B53}
[2012/07/18 01:11:00 | 000,003,168 | ---- | M] () -- C:\{5A1883F0-A816-414D-8D71-E729D33B72A7}
[2012/07/20 21:31:08 | 000,003,192 | ---- | M] () -- C:\{68522BF9-0388-45FD-A351-437B7E39F3BC}
[2012/07/21 02:32:58 | 000,003,168 | ---- | M] () -- C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671}
[2012/07/18 02:03:42 | 000,003,192 | ---- | M] () -- C:\{6BD5900C-EEA0-4E3D-9A5F-608B47C08BA2}
[2012/07/18 00:30:18 | 000,003,168 | ---- | M] () -- C:\{6F95C386-9376-4466-8EE7-BBCC49E08E4E}
[2012/07/18 00:31:56 | 000,003,168 | ---- | M] () -- C:\{72924E0D-457C-4366-B8B0-9C9F43C73209}
[2012/07/18 05:08:36 | 000,003,168 | ---- | M] () -- C:\{78AC8E6E-F62F-4D9E-8AFE-8218316A867D}
[2012/07/20 23:25:38 | 000,003,192 | ---- | M] () -- C:\{98A4F8BF-BC08-4429-AA03-CD12FCE3F766}
[2012/07/18 19:20:46 | 000,003,192 | ---- | M] () -- C:\{98AB9C6F-5E6B-44F4-A09A-D0B2CEE95776}
[2012/07/18 02:05:03 | 000,003,168 | ---- | M] () -- C:\{99AECE6E-7740-44DB-8695-79EEF4631A75}
[2012/07/18 02:26:38 | 000,003,168 | ---- | M] () -- C:\{9A711070-2854-498D-B7C2-0D0477A64530}
[2012/07/18 02:25:20 | 000,003,168 | ---- | M] () -- C:\{9B66C1D4-7CF2-4E8F-AED2-0A3877B43008}
[2012/07/20 20:40:26 | 000,003,168 | ---- | M] () -- C:\{9C6F7F4B-8968-43EA-B8E6-19B23C4E4FA7}
[2012/07/20 02:30:26 | 000,003,192 | ---- | M] () -- C:\{A855009F-34C2-4DEC-A4DB-18793F7ADC23}
[2012/07/18 02:53:59 | 000,003,192 | ---- | M] () -- C:\{A9CFB260-1C5B-4965-B0F4-B7E4F22203F5}
[2012/07/20 23:32:51 | 000,003,168 | ---- | M] () -- C:\{AE4F983F-AD3B-44CB-8369-72777CCF9225}
[2012/07/20 21:32:18 | 000,003,168 | ---- | M] () -- C:\{B1734447-E7E2-41A1-AFF7-00D8CA9AC224}
[2012/07/18 04:15:23 | 000,003,168 | ---- | M] () -- C:\{B2F58096-3B54-4F81-A5CB-BCDB1CA8E9C8}
[2012/07/18 03:37:50 | 000,003,168 | ---- | M] () -- C:\{B2FC7829-2EA3-4B10-9DCB-80BF3D68F852}
[2012/07/18 03:56:33 | 000,003,192 | ---- | M] () -- C:\{B4B4E2B6-196D-438B-A08D-A40BD4BE5323}
[2012/07/18 01:04:24 | 000,003,192 | ---- | M] () -- C:\{C5D43213-7AEC-4FAF-99B5-909D787C0FF3}
[2012/07/20 23:23:04 | 000,003,168 | ---- | M] () -- C:\{E2728F82-2C61-4BCC-8E4E-E1BAC63902D9}
[2012/07/20 20:50:57 | 000,003,160 | ---- | M] () -- C:\{E34D0970-97CF-4FCB-AC79-A057B5B83843}
[2012/07/18 02:16:08 | 000,003,168 | ---- | M] () -- C:\{EC4AD8BB-3761-4E1B-A4B4-2371E901D8A8}
[2012/07/18 04:51:15 | 000,003,168 | ---- | M] () -- C:\{EEDB5512-5B27-41BB-BAED-5FDB81B94439}
[2012/07/18 03:36:41 | 000,003,192 | ---- | M] () -- C:\{F1140557-A947-449A-85C7-C733E3220169}
[2011/09/04 03:12:26 | 000,002,328 | ---- | M] () -- C:\{F160E973-645F-40E7-85B7-22B55A6EA2D3}
[2012/07/21 15:50:44 | 000,003,128 | ---- | M] () -- C:\{F4797981-02AF-428E-A765-754D0DB18751}
[2011/01/15 17:32:03 | 000,002,440 | ---- | M] () -- C:\{F5E92CCD-A0E9-4302-957F-9D3E57335C13}
[2012/07/20 20:53:00 | 000,003,192 | ---- | M] () -- C:\{F8EE753C-A82A-4096-A211-41CC35E44794}
[2012/07/20 20:42:09 | 000,003,168 | ---- | M] () -- C:\{FCFCD298-AFC8-4031-A971-4BC6FB5C0E6A}

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/06/04 11:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/07/21 15:05:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys
[2012/05/01 10:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

< %PROGRAMFILES%\*.* >
[2008/07/24 22:14:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 14:02:58 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 14:03:10 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/24 18:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#5
adiii

OTL Extras logfile created on: 7/22/2012 12:15:55 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.10% Memory free
3.99 Gb Paging File | 1.90 Gb Available in Paging File | 47.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 128.11 Gb Free Space | 55.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish
"{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese
"{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional
"{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German
"{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard
"{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian
"{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FB5E3E9-49F0-4317-A22E-07D88E9A7FC5}" = Lotus Notes on USB
"{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech
"{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian
"{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E129024-17C6-40EF-A9A6-95A2167F89D2}" = TunePlus
"{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B07F0D17-FE19-4BE6-9F83-27E52CF381D5}" = Utherverse 3D Client
"{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch
"{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New
"{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing
"{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AskSBar Uninstall" = Ask Toolbar
"ATI Uninstaller" = ATI Uninstaller
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Desktop Dialer" = Desktop Dialer
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FrameShots" = FrameShots Video Screen Capture
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Google Desktop" = Google Desktop
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NHRA Drag Racing 2 Gold" = NHRA Drag Racing 2 Gold
"NIS" = Norton Internet Security
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.9.96
"oggcodecs" = oggcodecs 0.71.0946
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Philips Retractable PC Controller" = Philips Retractable PC Controller
"Picasa2" = Picasa 2
"Quick Search Box" = Google Quick Search Box
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Red Light Center 3D Client" = Red Light Center 3D Client
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SoundInDepth.com DVD-Video Image Extractor_is1" = SoundInDepth.com DVD-Video Image Extractor 1.1.0.3
"Street Challenge - Extreme Velocity" = Street Challenge - Extreme Velocity
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Utherverse 3D Client" = Utherverse 3D Client
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinZip Self-Extractor" = WinZip Self-Extractor
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022086" = Blasterball 3
"WT022087" = Diner Dash - Flo on the Go
"WT022089" = FATE
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 10:05:53 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10721091

Error - 7/21/2012 10:05:54 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 10:05:54 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10722105

Error - 7/21/2012 10:05:54 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10722105

Error - 7/21/2012 10:05:55 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 10:05:55 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10723103

Error - 7/21/2012 10:05:55 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10723103

Error - 7/21/2012 10:05:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 10:05:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10724101

Error - 7/21/2012 10:05:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10724101

[ Media Center Events ]
Error - 12/6/2007 12:53:48 AM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/1/2008 9:46:28 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2008 9:40:29 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/4/2008 10:43:11 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 7:53:08 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 9/9/2008 9:49:14 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/5/2008 10:32:15 AM | Computer Name = owner-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/15/2008 11:18:25 PM | Computer Name = owner-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/15/2008 11:18:57 PM | Computer Name = owner-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 10/11/2009 11:28:57 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/18/2007 8:58:30 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/26/2007 4:28:06 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3710 seconds with 2340 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 7/21/2012 3:45:38 PM | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:42:20 PM on 7/21/2012 was unexpected.

Error - 7/21/2012 3:46:32 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/21/2012 3:46:32 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2012 3:46:32 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/21/2012 3:46:32 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2012 3:46:32 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/21/2012 3:48:48 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/21/2012 3:49:18 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/21/2012 3:49:18 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2012 3:51:24 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#6
adiii

Farbar Service Scanner Version: 19-07-2012
Ran by owner (administrator) on 22-07-2012 at 01:01:03
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

#7
WhiteHat

Hi adiii,

The Farbar Service Scanner log (FSS.txt) is incomplete. Please, send me the contents of this file again. :)

# Step 1 #

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the software below:
  • Ask Toolbar
  • ooVoo toolbar, powered by Ask.com Updater

# Step 2 #
Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=17
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
    FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=16da1d0daed64e30a9e2bde96289be05&subid=&Keywords={searchTerms}"
    FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    [2012/05/11 22:00:49 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\[email protected]
    [2011/01/08 01:51:38 | 000,002,470 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drkj3dog.default\searchplugins\safesearch.xml
    O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
    O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    
    :Files
    C:\Program Files\Ask.com
    C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}
    C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}
    Type C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671} /c
    Type C:\{25C84DC3-D432-491A-9C88-6C1E880F841E} /c
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 3 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

#8
adiii

Sorry, here is the fss.

Farbar Service Scanner Version: 22-07-2012
Ran by owner (administrator) on 22-07-2012 at 23:13:54
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:02] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#9
adiii

It won't allow me to remove the Ask toolbar. I get the message - error loading c:\progra~1\AskSBar\bar\1.bin\AskSBar.dll. And underneath that it says: The specified module could not be found.

I was able to remove the ooVoo toolbar with no problem.

#10
WhiteHat

Hi,

it won't allow me to remove the Ask toolbar.

Ok.

Do you have the Windows Vista DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists.

# Step 1 #
Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=17
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
    FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=16da1d0daed64e30a9e2bde96289be05&subid=&Keywords={searchTerms}"
    FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    [2012/05/11 22:00:49 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\[email protected]
    [2011/01/08 01:51:38 | 000,002,470 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drkj3dog.default\searchplugins\safesearch.xml
    O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
    O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    
    :Files
    C:\Program Files\Ask.com
    C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}
    C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}
    Type C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671} /c
    Type C:\{25C84DC3-D432-491A-9C88-6C1E880F841E} /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-
    "AskSBar Uninstall" =-
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



#11
adiii

I can't find my Windows Vista DVD. The repair your computer option does exist.


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}\ deleted successfully.
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: "http://mp3tubetoolba...removelink2&q=" removed from keyword.URL
C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\drkj3dog.default\user.js moved successfully.
Folder C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\drkj3dog.default\extensions\[email protected]\ not found.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drkj3dog.default\searchplugins\safesearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (Ask Search Assistant BHO)\ not found.
File {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (ooVoo toolbar, powered by Ask.com)\ not found.
File {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) not found.
File 154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\U folder moved successfully.
C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\L folder moved successfully.
C:\Windows\Installer\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093} folder moved successfully.
C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\U folder moved successfully.
C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093}\L folder moved successfully.
C:\Users\owner\AppData\Local\{9dbc6f1c-60fc-2c42-c155-f0548ecbd093} folder moved successfully.
< Type C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671} /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Type C:\{25C84DC3-D432-491A-9C88-6C1E880F841E} /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{86D4B82A-ABED-442A-BE86-96357B70F4FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AskSBar Uninstall not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_200356

#12
WhiteHat

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#13
adiii

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 22:39:54
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe [x]
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [413696 2007-04-10] (Chicony)
HKLM\...\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HWSetup] \HWSetup.exe hwSetUP [x]
HKLM\...\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe" [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [538744 2007-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [34352 2006-11-06] ()
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1862144 2007-05-21] (Google)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-03] (Yahoo! Inc)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [273544 2011-05-21] (RealNetworks, Inc.)
HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [126976 2011-07-27] (Google Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Chris\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\Chris\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Chris\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-27] (Google Inc.)
HKU\Chris\...\Policies\system: [LogonHoursAction] 2
HKU\Chris\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\Default\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\Default User\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
HKU\Guest\...\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [417792 2007-01-22] (TOSHIBA)
HKU\Guest\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Guest\...\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [50528 2007-09-29] (AOL LLC)
HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-27] (Google Inc.)
HKU\Lovie\...\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [417792 2007-01-22] (TOSHIBA)
HKU\Lovie\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Lovie\...\Run: [Aim6] [x]
HKU\Lovie\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Lovie\...\Policies\system: [LogonHoursAction] 2
HKU\Lovie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\Mcx1\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Mcx1\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation)
HKU\owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-27] (Google Inc.)
HKU\owner\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\owner\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\owner\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\owner\...\Policies\system: [LogonHoursAction] 2
HKU\owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Tia\...\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [417792 2007-01-22] (TOSHIBA)
HKU\Tia\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Tia\...\Policies\system: [LogonHoursAction] 2
HKU\Tia\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [165416 2008-05-05] (WildTangent, Inc.)
3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [1862144 2007-05-21] (Google)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
3 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2008-09-11] ()
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-02-09] (Absolute Software Corp.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [427576 2007-03-29] (TOSHIBA Corporation)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]
3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]
2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36512 2008-08-22] ()
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120725.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-21] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120725.019\NAVENG.SYS [87928 2012-05-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120725.019\NAVEX15.SYS [1589752 2012-05-25] (Symantec Corporation)
3 samhid; C:\Windows\System32\drivers\samhid.sys [7548 2006-01-07] ()
1 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [87936 2008-02-22] (MCCI Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-09] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1207020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [11264 2007-03-12] (Chicony Electronics Co., Ltd.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 Tosrfcom; [x]
3 TpChoice; C:\Windows\System32\DRIVERS\TpChoice.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 22:39 - 2012-07-26 22:39 - 00000000 ____D C:\FRST
2012-07-26 18:11 - 2012-07-26 18:11 - 00002120 ____A C:\{A15914A2-DC5E-4FCF-ABD5-3C0BD01243C1}
2012-07-23 16:44 - 2012-07-23 16:44 - 00003072 ____A C:\{18F8B386-A614-41A9-8313-875EDDBDBDFF}
2012-07-23 16:03 - 2012-07-23 16:03 - 00000000 ____D C:\_OTL
2012-07-23 16:01 - 2012-07-23 16:01 - 00002120 ____A C:\{017AE820-2E09-47FB-94AC-3C4D6F1D2F6D}
2012-07-23 15:50 - 2012-07-23 15:50 - 00003168 ____A C:\{65C2DD60-AB4A-457B-B90F-37A3C2CEDF67}
2012-07-22 19:12 - 2012-07-22 19:12 - 00694833 ____A (Farbar) C:\Users\owner\Desktop\FSS.exe
2012-07-22 14:05 - 2012-07-22 14:05 - 00003168 ____A C:\{421B7E3D-F4BA-4A81-AB8A-AF6907553ACF}
2012-07-21 21:01 - 2012-07-22 19:14 - 00003978 ____A C:\Users\owner\Desktop\FSS.txt
2012-07-21 20:39 - 2012-07-21 20:39 - 00058236 ____A C:\Users\owner\Desktop\Extras.Txt
2012-07-21 20:35 - 2012-07-21 20:35 - 00145100 ____A C:\Users\owner\Desktop\OTL.Txt
2012-07-21 19:37 - 2012-07-21 19:37 - 00596480 ____A (OldTimer Tools) C:\Users\owner\Desktop\OTL.exe
2012-07-21 11:50 - 2012-07-21 11:50 - 00003128 ____A C:\{F4797981-02AF-428E-A765-754D0DB18751}
2012-07-21 09:51 - 2012-07-21 11:05 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-21 09:49 - 2012-07-21 09:49 - 00000395 ____A C:\rkill.log
2012-07-21 09:48 - 2012-07-21 09:48 - 01012656 ____A C:\Users\owner\Downloads\rkill.exe
2012-07-21 09:44 - 2012-07-21 09:44 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\owner\Downloads\tdsskiller(1).exe
2012-07-21 09:43 - 2012-07-21 09:43 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\owner\Downloads\tdsskiller.exe
2012-07-20 22:32 - 2012-07-20 22:32 - 00003168 ____A C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671}
2012-07-20 19:40 - 2012-07-20 19:40 - 00003168 ____A C:\{02FC3C85-BC25-49B9-BBAC-3C147A19DB6B}
2012-07-20 19:32 - 2012-07-20 19:32 - 00003168 ____A C:\{AE4F983F-AD3B-44CB-8369-72777CCF9225}
2012-07-20 19:31 - 2012-07-20 19:31 - 00003168 ____A C:\{49843135-F970-47CA-9773-1BEA8146003D}
2012-07-20 19:30 - 2012-07-20 19:30 - 00003160 ____A C:\{25C84DC3-D432-491A-9C88-6C1E880F841E}
2012-07-20 19:28 - 2012-07-20 19:28 - 00003168 ____A C:\{0703E6FE-DCBE-4A6D-BB8B-6F26585ABDF2}
2012-07-20 19:27 - 2012-07-20 19:27 - 00003168 ____A C:\{172D16FF-1F6C-412B-821D-11F795C7FCE6}
2012-07-20 19:25 - 2012-07-20 19:25 - 00003192 ____A C:\{98A4F8BF-BC08-4429-AA03-CD12FCE3F766}
2012-07-20 19:23 - 2012-07-20 19:23 - 00003168 ____A C:\{E2728F82-2C61-4BCC-8E4E-E1BAC63902D9}
2012-07-20 18:48 - 2012-07-20 18:48 - 00003192 ____A C:\{0FF10280-BFFC-45F4-A35B-851A614E8555}
2012-07-20 17:32 - 2012-07-20 17:32 - 00003168 ____A C:\{B1734447-E7E2-41A1-AFF7-00D8CA9AC224}
2012-07-20 17:31 - 2012-07-20 17:31 - 00003192 ____A C:\{68522BF9-0388-45FD-A351-437B7E39F3BC}
2012-07-20 16:52 - 2012-07-20 16:53 - 00003192 ____A C:\{F8EE753C-A82A-4096-A211-41CC35E44794}
2012-07-20 16:52 - 2012-07-20 16:52 - 00002464 ____A C:\{0F1D25AE-AF68-4994-A939-C1B877CA8E5A}
2012-07-20 16:50 - 2012-07-20 16:50 - 00003160 ____A C:\{E34D0970-97CF-4FCB-AC79-A057B5B83843}
2012-07-20 16:49 - 2012-07-20 16:49 - 00003168 ____A C:\{50AAECBA-03E8-46CF-B973-6F5C1F15EFC5}
2012-07-20 16:43 - 2012-07-20 16:43 - 00003192 ____A C:\{2A74AE8E-BDE1-4C97-AB83-2A65A633C5F8}
2012-07-20 16:42 - 2012-07-20 16:42 - 00003168 ____A C:\{FCFCD298-AFC8-4031-A971-4BC6FB5C0E6A}
2012-07-20 16:40 - 2012-07-20 16:40 - 00003168 ____A C:\{9C6F7F4B-8968-43EA-B8E6-19B23C4E4FA7}
2012-07-20 16:26 - 2012-07-20 16:26 - 00000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-20 16:00 - 2012-07-20 16:00 - 00003192 ____A C:\{2326045C-366B-4E8E-B60C-DDF70650FE27}
2012-07-19 22:30 - 2012-07-19 22:30 - 00003192 ____A C:\{A855009F-34C2-4DEC-A4DB-18793F7ADC23}
2012-07-19 22:22 - 2012-07-19 22:22 - 00000000 ____D C:\Users\owner\AppData\Roaming\FixZeroAccess
2012-07-19 20:47 - 2012-07-19 20:47 - 01805736 ____A (Symantec Corporation) C:\Users\owner\Desktop\FixZeroAccess.exe
2012-07-18 19:36 - 2012-07-18 19:58 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2012-07-18 19:31 - 2012-07-18 19:31 - 02841104 ____A (Symantec Corporation) C:\Users\owner\Downloads\NPE.exe
2012-07-18 15:20 - 2012-07-18 15:20 - 00003192 ____A C:\{98AB9C6F-5E6B-44F4-A09A-D0B2CEE95776}
2012-07-18 01:18 - 2012-07-18 01:18 - 00003168 ____A C:\{35A52861-7BAF-4A80-992D-30925ADF5EE1}
2012-07-18 01:10 - 2012-07-18 01:10 - 00003168 ____A C:\{3CF5315D-4D73-44F2-A5D2-662D016C698A}
2012-07-18 01:08 - 2012-07-18 01:08 - 00003168 ____A C:\{78AC8E6E-F62F-4D9E-8AFE-8218316A867D}
2012-07-18 00:51 - 2012-07-18 00:51 - 00003168 ____A C:\{EEDB5512-5B27-41BB-BAED-5FDB81B94439}
2012-07-18 00:15 - 2012-07-18 00:15 - 00003168 ____A C:\{B2F58096-3B54-4F81-A5CB-BCDB1CA8E9C8}
2012-07-17 23:56 - 2012-07-17 23:56 - 00003192 ____A C:\{B4B4E2B6-196D-438B-A08D-A40BD4BE5323}
2012-07-17 23:37 - 2012-07-17 23:37 - 00003168 ____A C:\{B2FC7829-2EA3-4B10-9DCB-80BF3D68F852}
2012-07-17 23:36 - 2012-07-17 23:36 - 00003192 ____A C:\{F1140557-A947-449A-85C7-C733E3220169}
2012-07-17 22:53 - 2012-07-17 22:53 - 00003192 ____A C:\{A9CFB260-1C5B-4965-B0F4-B7E4F22203F5}
2012-07-17 22:28 - 2012-07-17 22:28 - 00003160 ____A C:\{57B206EB-177E-44C3-A8E9-117A711A5B53}
2012-07-17 22:26 - 2012-07-17 22:26 - 00003168 ____A C:\{9A711070-2854-498D-B7C2-0D0477A64530}
2012-07-17 22:25 - 2012-07-17 22:25 - 00003168 ____A C:\{9B66C1D4-7CF2-4E8F-AED2-0A3877B43008}
2012-07-17 22:16 - 2012-07-17 22:16 - 00003168 ____A C:\{EC4AD8BB-3761-4E1B-A4B4-2371E901D8A8}
2012-07-17 22:05 - 2012-07-17 22:05 - 00003168 ____A C:\{99AECE6E-7740-44DB-8695-79EEF4631A75}
2012-07-17 22:03 - 2012-07-17 22:03 - 00003192 ____A C:\{6BD5900C-EEA0-4E3D-9A5F-608B47C08BA2}
2012-07-17 21:36 - 2012-07-17 21:36 - 00003168 ____A C:\{3B332147-7ED6-42C5-96D0-79AF3F20C510}
2012-07-17 21:10 - 2012-07-17 21:11 - 00003168 ____A C:\{5A1883F0-A816-414D-8D71-E729D33B72A7}
2012-07-17 21:04 - 2012-07-17 21:04 - 00003192 ____A C:\{C5D43213-7AEC-4FAF-99B5-909D787C0FF3}
2012-07-17 20:37 - 2012-07-17 20:37 - 00003192 ____A C:\{19243217-DCC9-406D-8E8D-8388F331CCD9}
2012-07-17 20:31 - 2012-07-17 20:31 - 00003168 ____A C:\{72924E0D-457C-4366-B8B0-9C9F43C73209}
2012-07-17 20:30 - 2012-07-17 20:30 - 00003168 ____A C:\{6F95C386-9376-4466-8EE7-BBCC49E08E4E}
2012-07-11 18:58 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 18:05 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 18:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 18:05 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 18:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 18:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 18:05 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 18:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 18:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 18:05 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 18:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 18:05 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 18:05 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 18:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 18:04 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 16:45 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:45 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:45 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:45 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:45 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 16:45 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-04 21:35 - 2012-07-22 19:07 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2012-07-04 19:39 - 2012-07-04 19:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2012-07-04 19:27 - 2012-07-04 20:12 - 00000000 ____D C:\Users\Lovie\AppData\Roaming\Skype
2012-07-04 19:27 - 2012-07-04 19:51 - 00002487 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-04 19:27 - 2012-07-04 19:51 - 00000000 ____D C:\Users\All Users\Skype
2012-07-04 19:27 - 2012-07-04 19:27 - 00000000 ___RD C:\Program Files\Skype
2012-07-04 19:27 - 2012-07-04 19:27 - 00000000 ____D C:\Program Files\Common Files\Skype

============ 3 Months Modified Files ========================

2012-07-26 18:23 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 18:23 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 18:22 - 2006-11-02 05:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 18:22 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 18:14 - 2006-11-02 02:33 - 00709582 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 18:11 - 2012-07-26 18:11 - 00002120 ____A C:\{A15914A2-DC5E-4FCF-ABD5-3C0BD01243C1}
2012-07-26 18:10 - 2011-05-01 14:04 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 18:07 - 2009-11-07 02:08 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-07-26 18:07 - 2009-11-06 05:53 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-07-25 21:06 - 2007-07-16 19:57 - 01550811 ____A C:\Windows\WindowsUpdate.log
2012-07-25 21:04 - 2011-05-01 14:04 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-25 20:57 - 2012-04-03 16:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 18:05 - 2010-05-01 17:10 - 00001356 ____A C:\Users\owner\AppData\Local\d3d9caps.dat
2012-07-23 16:44 - 2012-07-23 16:44 - 00003072 ____A C:\{18F8B386-A614-41A9-8313-875EDDBDBDFF}
2012-07-23 16:01 - 2012-07-23 16:01 - 00002120 ____A C:\{017AE820-2E09-47FB-94AC-3C4D6F1D2F6D}
2012-07-23 15:50 - 2012-07-23 15:50 - 00003168 ____A C:\{65C2DD60-AB4A-457B-B90F-37A3C2CEDF67}
2012-07-22 19:14 - 2012-07-21 21:01 - 00003978 ____A C:\Users\owner\Desktop\FSS.txt
2012-07-22 19:12 - 2012-07-22 19:12 - 00694833 ____A (Farbar) C:\Users\owner\Desktop\FSS.exe
2012-07-22 14:05 - 2012-07-22 14:05 - 00003168 ____A C:\{421B7E3D-F4BA-4A81-AB8A-AF6907553ACF}
2012-07-21 20:39 - 2012-07-21 20:39 - 00058236 ____A C:\Users\owner\Desktop\Extras.Txt
2012-07-21 20:35 - 2012-07-21 20:35 - 00145100 ____A C:\Users\owner\Desktop\OTL.Txt
2012-07-21 19:37 - 2012-07-21 19:37 - 00596480 ____A (OldTimer Tools) C:\Users\owner\Desktop\OTL.exe
2012-07-21 11:50 - 2012-07-21 11:50 - 00003128 ____A C:\{F4797981-02AF-428E-A765-754D0DB18751}
2012-07-21 11:45 - 2009-11-06 05:56 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2012-07-21 11:05 - 2012-07-21 09:51 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-21 09:49 - 2012-07-21 09:49 - 00000395 ____A C:\rkill.log
2012-07-21 09:48 - 2012-07-21 09:48 - 01012656 ____A C:\Users\owner\Downloads\rkill.exe
2012-07-21 09:44 - 2012-07-21 09:44 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\owner\Downloads\tdsskiller(1).exe
2012-07-21 09:43 - 2012-07-21 09:43 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\owner\Downloads\tdsskiller.exe
2012-07-21 05:45 - 2007-05-16 16:47 - 00139242 ____A C:\Windows\PFRO.log
2012-07-20 22:32 - 2012-07-20 22:32 - 00003168 ____A C:\{6BA63AEC-DA5D-4DFD-8C21-7E4B7BE9E671}
2012-07-20 19:40 - 2012-07-20 19:40 - 00003168 ____A C:\{02FC3C85-BC25-49B9-BBAC-3C147A19DB6B}
2012-07-20 19:32 - 2012-07-20 19:32 - 00003168 ____A C:\{AE4F983F-AD3B-44CB-8369-72777CCF9225}
2012-07-20 19:31 - 2012-07-20 19:31 - 00003168 ____A C:\{49843135-F970-47CA-9773-1BEA8146003D}
2012-07-20 19:30 - 2012-07-20 19:30 - 00003160 ____A C:\{25C84DC3-D432-491A-9C88-6C1E880F841E}
2012-07-20 19:28 - 2012-07-20 19:28 - 00003168 ____A C:\{0703E6FE-DCBE-4A6D-BB8B-6F26585ABDF2}
2012-07-20 19:27 - 2012-07-20 19:27 - 00003168 ____A C:\{172D16FF-1F6C-412B-821D-11F795C7FCE6}
2012-07-20 19:25 - 2012-07-20 19:25 - 00003192 ____A C:\{98A4F8BF-BC08-4429-AA03-CD12FCE3F766}
2012-07-20 19:23 - 2012-07-20 19:23 - 00003168 ____A C:\{E2728F82-2C61-4BCC-8E4E-E1BAC63902D9}
2012-07-20 18:48 - 2012-07-20 18:48 - 00003192 ____A C:\{0FF10280-BFFC-45F4-A35B-851A614E8555}
2012-07-20 17:32 - 2012-07-20 17:32 - 00003168 ____A C:\{B1734447-E7E2-41A1-AFF7-00D8CA9AC224}
2012-07-20 17:31 - 2012-07-20 17:31 - 00003192 ____A C:\{68522BF9-0388-45FD-A351-437B7E39F3BC}
2012-07-20 16:53 - 2012-07-20 16:52 - 00003192 ____A C:\{F8EE753C-A82A-4096-A211-41CC35E44794}
2012-07-20 16:52 - 2012-07-20 16:52 - 00002464 ____A C:\{0F1D25AE-AF68-4994-A939-C1B877CA8E5A}
2012-07-20 16:50 - 2012-07-20 16:50 - 00003160 ____A C:\{E34D0970-97CF-4FCB-AC79-A057B5B83843}
2012-07-20 16:49 - 2012-07-20 16:49 - 00003168 ____A C:\{50AAECBA-03E8-46CF-B973-6F5C1F15EFC5}
2012-07-20 16:43 - 2012-07-20 16:43 - 00003192 ____A C:\{2A74AE8E-BDE1-4C97-AB83-2A65A633C5F8}
2012-07-20 16:42 - 2012-07-20 16:42 - 00003168 ____A C:\{FCFCD298-AFC8-4031-A971-4BC6FB5C0E6A}
2012-07-20 16:40 - 2012-07-20 16:40 - 00003168 ____A C:\{9C6F7F4B-8968-43EA-B8E6-19B23C4E4FA7}
2012-07-20 16:26 - 2012-07-20 16:26 - 00000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-20 16:00 - 2012-07-20 16:00 - 00003192 ____A C:\{2326045C-366B-4E8E-B60C-DDF70650FE27}
2012-07-19 22:30 - 2012-07-19 22:30 - 00003192 ____A C:\{A855009F-34C2-4DEC-A4DB-18793F7ADC23}
2012-07-19 20:47 - 2012-07-19 20:47 - 01805736 ____A (Symantec Corporation) C:\Users\owner\Desktop\FixZeroAccess.exe
2012-07-18 19:31 - 2012-07-18 19:31 - 02841104 ____A (Symantec Corporation) C:\Users\owner\Downloads\NPE.exe
2012-07-18 15:20 - 2012-07-18 15:20 - 00003192 ____A C:\{98AB9C6F-5E6B-44F4-A09A-D0B2CEE95776}
2012-07-18 01:18 - 2012-07-18 01:18 - 00003168 ____A C:\{35A52861-7BAF-4A80-992D-30925ADF5EE1}
2012-07-18 01:10 - 2012-07-18 01:10 - 00003168 ____A C:\{3CF5315D-4D73-44F2-A5D2-662D016C698A}
2012-07-18 01:08 - 2012-07-18 01:08 - 00003168 ____A C:\{78AC8E6E-F62F-4D9E-8AFE-8218316A867D}
2012-07-18 00:51 - 2012-07-18 00:51 - 00003168 ____A C:\{EEDB5512-5B27-41BB-BAED-5FDB81B94439}
2012-07-18 00:15 - 2012-07-18 00:15 - 00003168 ____A C:\{B2F58096-3B54-4F81-A5CB-BCDB1CA8E9C8}
2012-07-17 23:56 - 2012-07-17 23:56 - 00003192 ____A C:\{B4B4E2B6-196D-438B-A08D-A40BD4BE5323}
2012-07-17 23:37 - 2012-07-17 23:37 - 00003168 ____A C:\{B2FC7829-2EA3-4B10-9DCB-80BF3D68F852}
2012-07-17 23:36 - 2012-07-17 23:36 - 00003192 ____A C:\{F1140557-A947-449A-85C7-C733E3220169}
2012-07-17 22:53 - 2012-07-17 22:53 - 00003192 ____A C:\{A9CFB260-1C5B-4965-B0F4-B7E4F22203F5}
2012-07-17 22:28 - 2012-07-17 22:28 - 00003160 ____A C:\{57B206EB-177E-44C3-A8E9-117A711A5B53}
2012-07-17 22:26 - 2012-07-17 22:26 - 00003168 ____A C:\{9A711070-2854-498D-B7C2-0D0477A64530}
2012-07-17 22:25 - 2012-07-17 22:25 - 00003168 ____A C:\{9B66C1D4-7CF2-4E8F-AED2-0A3877B43008}
2012-07-17 22:16 - 2012-07-17 22:16 - 00003168 ____A C:\{EC4AD8BB-3761-4E1B-A4B4-2371E901D8A8}
2012-07-17 22:05 - 2012-07-17 22:05 - 00003168 ____A C:\{99AECE6E-7740-44DB-8695-79EEF4631A75}
2012-07-17 22:03 - 2012-07-17 22:03 - 00003192 ____A C:\{6BD5900C-EEA0-4E3D-9A5F-608B47C08BA2}
2012-07-17 21:36 - 2012-07-17 21:36 - 00003168 ____A C:\{3B332147-7ED6-42C5-96D0-79AF3F20C510}
2012-07-17 21:11 - 2012-07-17 21:10 - 00003168 ____A C:\{5A1883F0-A816-414D-8D71-E729D33B72A7}
2012-07-17 21:04 - 2012-07-17 21:04 - 00003192 ____A C:\{C5D43213-7AEC-4FAF-99B5-909D787C0FF3}
2012-07-17 20:37 - 2012-07-17 20:37 - 00003192 ____A C:\{19243217-DCC9-406D-8E8D-8388F331CCD9}
2012-07-17 20:31 - 2012-07-17 20:31 - 00003168 ____A C:\{72924E0D-457C-4366-B8B0-9C9F43C73209}
2012-07-17 20:30 - 2012-07-17 20:30 - 00003168 ____A C:\{6F95C386-9376-4466-8EE7-BBCC49E08E4E}
2012-07-17 17:46 - 2009-09-26 17:32 - 00000440 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-12 18:58 - 2012-04-03 16:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 18:58 - 2011-05-18 19:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-12 17:49 - 2006-11-02 04:47 - 00326144 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 18:11 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-04 19:51 - 2012-07-04 19:27 - 00002487 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-03 09:46 - 2010-03-10 21:29 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-21 17:08 - 2007-09-13 17:20 - 00128875 ____A C:\Windows\Directx.log
2012-06-13 19:34 - 2012-06-13 19:34 - 00001675 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 05:40 - 2012-07-11 18:58 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 16:11 - 2010-05-31 06:13 - 00002171 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-06-08 09:47 - 2012-07-10 16:45 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-10 16:45 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-10 16:45 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-10 16:45 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-08 14:45 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 14:45 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 14:45 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 14:44 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 14:44 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-08 14:45 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-08 14:44 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-08 14:43 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-08 14:43 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 18:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 18:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 18:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 18:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 18:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 18:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 18:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 18:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 18:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 18:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 18:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 18:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 18:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 18:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-10 16:45 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-10 16:45 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-30 21:09 - 2012-05-30 21:09 - 00000104 ____A C:\Users\owner\Desktop\Help and Support - Shortcut.lnk
2012-05-16 20:18 - 2010-01-14 18:04 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-12 05:17 - 2012-05-12 05:17 - 00000680 ____A C:\Users\Lovie\AppData\Local\d3d9caps.dat
2012-05-11 17:58 - 2011-01-26 12:43 - 00001737 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-05-01 06:03 - 2012-06-12 16:30 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 1917.44 MB
Available physical RAM: 1528.18 MB
Total Pagefile: 1749.83 MB
Available Pagefile: 1599.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (SQ004409V05) (Fixed) (Total:231.42 GB) (Free:125.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
4 Drive f: (Kingston) (Removable) (Total:0.96 GB) (Free:0.14 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 993 KB
Disk 1 Online 984 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 231 GB 1501 MB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004409V05 NTFS Partition 231 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 983 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F Kingston FAT Removable 983 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-26 18:14

======================= End Of Log ==========================

#14
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Restart your computer and enter System Recovery Options.

Select the Command Prompt option and run FRST (Farbar Recovery Scan Tool).

In the Farbar Recovery Scan Tool:
  • Type the following in the edit box after "Search:" Services.exe
  • Click the Search button
  • It will make a log (Search.txt)
Post the Search.txt log in your next reply.

:thumbsup:




#15
adiii

    Member

  • Topic Starter
  • Member
  • 47 posts
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 22:53:02
Running from F:\

================== Search: "Services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-10 19:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-07-22 12:33] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-10 19:12] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===





