Welcome to Geeks to Go - Register now for FREE
I have rootkit, how do I remove? PLEASE HELP


#16 blaineholloway (Topic Starter, Member, 25 posts)

Hi, we've had some minor success. I went back and installed all the Combofix and software you asked for, and I followed the pattern and got all the logs, then I reset IE and I can now access MSN messenger and I can download from the Internet again and visit those sites that I could previously not.

However my UAC is still off and it won't let me turn it back on. Here are the logs you requested:

MBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 14:43:25
-----------------------------
14:43:25.426 OS Version: Windows 6.0.6002 Service Pack 2
14:43:25.426 Number of processors: 2 586 0xF0D
14:43:25.426 ComputerName: BLAINE-PC UserName: Blaine
14:43:50.136 Initialize success
14:44:01.921 AVAST engine download error: 0
14:44:19.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:44:19.003 Disk 0 Vendor: FUJITSU_ 0040 Size: 152627MB BusType: 3
14:44:19.034 Disk 0 MBR read successfully
14:44:19.034 Disk 0 MBR scan
14:44:19.034 Disk 0 Windows VISTA default MBR code
14:44:19.050 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:44:19.066 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76154 MB offset 3074048
14:44:19.081 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74971 MB offset 159037440
14:44:19.097 Disk 0 scanning sectors +312579760
14:44:19.159 Disk 0 scanning C:\Windows\system32\drivers
14:44:29.876 Service scanning
14:44:57.504 Modules scanning
14:45:07.987 Scan finished successfully
14:45:33.634 Disk 0 MBR has been saved successfully to "C:\Users\Blaine\Desktop\MBR.dat"
14:45:33.649 The log file has been saved successfully to "C:\Users\Blaine\Desktop\aswMBR.txt"


NO COMBOFIX LOGS WERE WHERE YOU SAID THEY WOULD BE

TDSSKiller:

15:22:21.0820 4596 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:22:23.0833 4596 ============================================================
15:22:23.0833 4596 Current date / time: 2012/07/29 15:22:23.0833
15:22:23.0833 4596 SystemInfo:
15:22:23.0833 4596
15:22:23.0833 4596 OS Version: 6.0.6002 ServicePack: 2.0
15:22:23.0833 4596 Product type: Workstation
15:22:23.0833 4596 ComputerName: BLAINE-PC
15:22:23.0833 4596 UserName: Blaine
15:22:23.0833 4596 Windows directory: C:\Windows
15:22:23.0833 4596 System windows directory: C:\Windows
15:22:23.0833 4596 Processor architecture: Intel x86
15:22:23.0833 4596 Number of processors: 2
15:22:23.0833 4596 Page size: 0x1000
15:22:23.0833 4596 Boot type: Normal boot
15:22:23.0833 4596 ============================================================
15:22:25.0549 4596 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:22:25.0580 4596 Drive \Device\Harddisk1\DR1 - Size: 0x1EA00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:22:25.0580 4596 ============================================================
15:22:25.0580 4596 \Device\Harddisk0\DR0:
15:22:25.0580 4596 MBR partitions:
15:22:25.0580 4596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x94BD000
15:22:25.0580 4596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x97AB800, BlocksNum 0x926DEB0
15:22:25.0580 4596 \Device\Harddisk1\DR1:
15:22:25.0580 4596 MBR partitions:
15:22:25.0580 4596 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x50, BlocksNum 0xF4FB0
15:22:25.0580 4596 ============================================================
15:22:25.0627 4596 C: <-> \Device\Harddisk0\DR0\Partition0
15:22:25.0689 4596 E: <-> \Device\Harddisk0\DR0\Partition1
15:22:25.0689 4596 ============================================================
15:22:25.0689 4596 Initialize success
15:22:25.0689 4596 ============================================================
15:23:15.0484 1124 ============================================================
15:23:15.0484 1124 Scan started
15:23:15.0484 1124 Mode: Manual; SigCheck; TDLFS;
15:23:15.0484 1124 ============================================================
15:23:15.0905 1124 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:23:16.0046 1124 !SASCORE - ok
15:23:16.0436 1124 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:23:16.0451 1124 ACPI - ok
15:23:16.0639 1124 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:23:16.0654 1124 AdobeFlashPlayerUpdateSvc - ok
15:23:16.0810 1124 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:23:16.0888 1124 adp94xx - ok
15:23:16.0966 1124 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:23:16.0997 1124 adpahci - ok
15:23:17.0029 1124 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:23:17.0044 1124 adpu160m - ok
15:23:17.0091 1124 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:23:17.0122 1124 adpu320 - ok
15:23:17.0185 1124 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:23:17.0278 1124 AeLookupSvc - ok
15:23:17.0434 1124 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:23:17.0497 1124 AFD - ok
15:23:21.0178 1124 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
15:23:21.0537 1124 AgereSoftModem - ok
15:23:21.0662 1124 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:23:21.0693 1124 agp440 - ok
15:23:21.0896 1124 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:23:21.0927 1124 aic78xx - ok
15:23:22.0208 1124 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:23:22.0364 1124 ALG - ok
15:23:22.0426 1124 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:23:22.0457 1124 aliide - ok
15:23:22.0567 1124 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:23:22.0598 1124 amdagp - ok
15:23:22.0645 1124 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:23:22.0660 1124 amdide - ok
15:23:22.0754 1124 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:23:22.0785 1124 AmdK7 - ok
15:23:22.0816 1124 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:23:22.0863 1124 AmdK8 - ok
15:23:22.0925 1124 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:23:23.0081 1124 Appinfo - ok
15:23:23.0222 1124 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:23:23.0315 1124 arc - ok
15:23:23.0518 1124 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:23:23.0549 1124 arcsas - ok
15:23:23.0643 1124 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:23:23.0674 1124 AsyncMac - ok
15:23:23.0737 1124 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:23:23.0752 1124 atapi - ok
15:23:24.0189 1124 athr (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
15:23:24.0470 1124 athr - ok
15:23:24.0657 1124 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:23:24.0704 1124 AudioEndpointBuilder - ok
15:23:24.0704 1124 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:23:24.0751 1124 Audiosrv - ok
15:23:24.0860 1124 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:23:24.0907 1124 Beep - ok
15:23:25.0031 1124 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:23:25.0109 1124 BFE - ok
15:23:25.0421 1124 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
15:23:25.0546 1124 BHDrvx86 - ok
15:23:26.0295 1124 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:23:26.0373 1124 BITS - ok
15:23:26.0529 1124 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:23:26.0591 1124 blbdrive - ok
15:23:26.0732 1124 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:23:26.0794 1124 bowser - ok
15:23:26.0888 1124 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:23:26.0935 1124 BrFiltLo - ok
15:23:26.0981 1124 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:23:27.0028 1124 BrFiltUp - ok
15:23:27.0153 1124 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:23:27.0200 1124 Browser - ok
15:23:27.0387 1124 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:23:27.0449 1124 Brserid - ok
15:23:27.0512 1124 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:23:27.0605 1124 BrSerWdm - ok
15:23:27.0637 1124 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:23:27.0715 1124 BrUsbMdm - ok
15:23:27.0777 1124 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:23:27.0824 1124 BrUsbSer - ok
15:23:27.0949 1124 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:23:28.0058 1124 BTHMODEM - ok
15:23:29.0212 1124 catchme - ok
15:23:29.0493 1124 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys
15:23:29.0509 1124 ccSet_N360 - ok
15:23:29.0555 1124 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:23:29.0618 1124 cdfs - ok
15:23:29.0774 1124 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:23:29.0805 1124 cdrom - ok
15:23:29.0914 1124 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:23:29.0961 1124 CertPropSvc - ok
15:23:30.0023 1124 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:23:30.0070 1124 circlass - ok
15:23:30.0601 1124 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:23:30.0632 1124 CLFS - ok
15:23:30.0819 1124 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:23:30.0850 1124 clr_optimization_v2.0.50727_32 - ok
15:23:31.0256 1124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:23:31.0459 1124 clr_optimization_v4.0.30319_32 - ok
15:23:31.0537 1124 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:23:31.0568 1124 CmBatt - ok
15:23:31.0646 1124 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:23:31.0677 1124 cmdide - ok
15:23:31.0739 1124 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:23:31.0755 1124 Compbatt - ok
15:23:31.0755 1124 COMSysApp - ok
15:23:32.0005 1124 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:23:32.0036 1124 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
15:23:32.0036 1124 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
15:23:32.0083 1124 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:23:32.0098 1124 crcdisk - ok
15:23:32.0161 1124 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:23:32.0223 1124 Crusoe - ok
15:23:32.0363 1124 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:23:32.0410 1124 CryptSvc - ok
15:23:33.0455 1124 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:23:33.0533 1124 DcomLaunch - ok
15:23:33.0596 1124 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:23:33.0658 1124 DfsC - ok
15:23:34.0516 1124 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:23:35.0062 1124 DFSR - ok
15:23:36.0934 1124 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:23:37.0012 1124 Dhcp - ok
15:23:37.0355 1124 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:23:37.0371 1124 disk - ok
15:23:37.0496 1124 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:23:37.0543 1124 Dnscache - ok
15:23:37.0699 1124 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:23:37.0761 1124 dot3svc - ok
15:23:37.0917 1124 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:23:37.0964 1124 DPS - ok
15:23:38.0026 1124 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:23:38.0073 1124 drmkaud - ok
15:23:38.0822 1124 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:23:38.0915 1124 DXGKrnl - ok
15:23:38.0993 1124 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:23:39.0040 1124 E1G60 - ok
15:23:39.0134 1124 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:23:39.0196 1124 EapHost - ok
15:23:39.0352 1124 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:23:39.0368 1124 Ecache - ok
15:23:40.0351 1124 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:23:40.0429 1124 eeCtrl - ok
15:23:41.0271 1124 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:23:41.0365 1124 ehRecvr - ok
15:23:41.0833 1124 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:23:41.0926 1124 ehSched - ok
15:23:42.0035 1124 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:23:42.0129 1124 ehstart - ok
15:23:42.0503 1124 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:23:42.0613 1124 elxstor - ok
15:23:43.0486 1124 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:23:43.0611 1124 EMDMgmt - ok
15:23:44.0110 1124 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:23:44.0126 1124 EraserUtilRebootDrv - ok
15:23:44.0282 1124 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:23:44.0407 1124 ErrDev - ok
15:23:45.0046 1124 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:23:45.0077 1124 EventSystem - ok
15:23:45.0779 1124 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:23:45.0920 1124 exfat - ok
15:23:46.0357 1124 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:23:46.0435 1124 fastfat - ok
15:23:46.0606 1124 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:23:46.0653 1124 fdc - ok
15:23:46.0825 1124 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:23:46.0856 1124 fdPHost - ok
15:23:46.0934 1124 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:23:47.0027 1124 FDResPub - ok
15:23:47.0215 1124 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:23:47.0230 1124 FileInfo - ok
15:23:47.0402 1124 FileOpenManagerSvc (f67c49bc836ed4164f365b47cab88f04) C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
15:23:47.0573 1124 FileOpenManagerSvc - ok
15:23:47.0698 1124 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:23:47.0792 1124 Filetrace - ok
15:23:47.0870 1124 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:23:47.0932 1124 flpydisk - ok
15:23:48.0478 1124 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:23:48.0494 1124 FltMgr - ok
15:23:50.0912 1124 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:23:51.0146 1124 FontCache - ok
15:23:51.0411 1124 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:23:51.0458 1124 FontCache3.0.0.0 - ok
15:23:51.0583 1124 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:23:51.0645 1124 Fs_Rec - ok
15:23:51.0770 1124 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
15:23:51.0848 1124 FwLnk - ok
15:23:51.0973 1124 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:23:52.0004 1124 gagp30kx - ok
15:23:54.0016 1124 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:23:54.0172 1124 gpsvc - ok
15:23:54.0500 1124 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:23:54.0515 1124 gupdate - ok
15:23:54.0547 1124 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:23:54.0562 1124 gupdatem - ok
15:23:54.0983 1124 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:23:55.0093 1124 gusvc - ok
15:23:55.0327 1124 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:23:55.0451 1124 HdAudAddService - ok
15:23:55.0841 1124 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:23:56.0060 1124 HDAudBus - ok
15:23:56.0122 1124 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:23:56.0247 1124 HidBth - ok
15:23:56.0309 1124 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:23:56.0387 1124 HidIr - ok
15:23:56.0450 1124 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
15:23:56.0481 1124 hidserv - ok
15:23:56.0528 1124 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:23:56.0590 1124 HidUsb - ok
15:23:56.0684 1124 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:23:56.0746 1124 hkmsvc - ok
15:23:56.0824 1124 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:23:56.0855 1124 HpCISSs - ok
15:23:57.0136 1124 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:23:57.0199 1124 HSFHWAZL - ok
15:23:57.0526 1124 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:23:57.0776 1124 HSF_DPV - ok
15:23:57.0854 1124 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:23:57.0885 1124 HSXHWAZL - ok
15:23:57.0994 1124 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:23:58.0135 1124 HTTP - ok
15:23:58.0166 1124 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:23:58.0181 1124 i2omp - ok
15:23:58.0275 1124 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:23:58.0322 1124 i8042prt - ok
15:23:58.0462 1124 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
15:23:58.0478 1124 iaStor - ok
15:23:58.0696 1124 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:23:58.0774 1124 iaStorV - ok
15:23:59.0242 1124 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:23:59.0492 1124 idsvc - ok
15:24:00.0272 1124 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys
15:24:00.0443 1124 IDSVix86 - ok
15:24:06.0231 1124 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:24:07.0682 1124 igfx - ok
15:24:07.0916 1124 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:24:07.0931 1124 iirsp - ok
15:24:07.0994 1124 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:24:08.0056 1124 IKEEXT - ok
15:24:08.0228 1124 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
15:24:08.0384 1124 IntcAzAudAddService - ok
15:24:09.0491 1124 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:24:09.0507 1124 intelide - ok
15:24:09.0554 1124 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:24:09.0601 1124 intelppm - ok
15:24:09.0647 1124 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:24:09.0694 1124 IPBusEnum - ok
15:24:09.0757 1124 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:24:09.0835 1124 IpFilterDriver - ok
15:24:09.0928 1124 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:24:09.0975 1124 iphlpsvc - ok
15:24:09.0975 1124 IpInIp - ok
15:24:10.0006 1124 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:24:10.0053 1124 IPMIDRV - ok
15:24:10.0084 1124 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:24:10.0147 1124 IPNAT - ok
15:24:10.0162 1124 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:24:10.0193 1124 IRENUM - ok
15:24:10.0225 1124 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:24:10.0240 1124 isapnp - ok
15:24:10.0318 1124 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:24:10.0334 1124 iScsiPrt - ok
15:24:10.0365 1124 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:24:10.0381 1124 iteatapi - ok
15:24:10.0427 1124 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:24:10.0443 1124 iteraid - ok
15:24:10.0755 1124 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
15:24:10.0864 1124 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
15:24:10.0864 1124 jswpsapi - detected UnsignedFile.Multi.Generic (1)
15:24:10.0911 1124 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
15:24:10.0958 1124 jswpslwf - ok
15:24:11.0005 1124 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:24:11.0020 1124 kbdclass - ok
15:24:11.0067 1124 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
15:24:11.0114 1124 kbdhid - ok
15:24:11.0207 1124 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:11.0254 1124 KeyIso - ok
15:24:11.0332 1124 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
15:24:11.0504 1124 KSecDD - ok
15:24:11.0597 1124 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:24:11.0644 1124 KtmRm - ok
15:24:11.0785 1124 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
15:24:11.0847 1124 LanmanServer - ok
15:24:11.0894 1124 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:24:11.0941 1124 LanmanWorkstation - ok
15:24:11.0987 1124 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:24:12.0065 1124 lltdio - ok
15:24:12.0112 1124 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:24:12.0190 1124 lltdsvc - ok
15:24:12.0206 1124 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:24:12.0268 1124 lmhosts - ok
15:24:12.0315 1124 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:24:12.0346 1124 LSI_FC - ok
15:24:12.0362 1124 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:24:12.0393 1124 LSI_SAS - ok
15:24:12.0424 1124 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:24:12.0440 1124 LSI_SCSI - ok
15:24:12.0471 1124 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:24:12.0518 1124 luafv - ok
15:24:12.0565 1124 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:24:12.0580 1124 MBAMProtector - ok
15:24:12.0689 1124 MBAMService (de199f3aa9c541a349af95a5c72a71af) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:24:12.0721 1124 MBAMService - ok
15:24:12.0767 1124 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
15:24:12.0799 1124 MBAMSwissArmy - ok
15:24:13.0064 1124 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
15:24:13.0126 1124 McciCMService ( UnsignedFile.Multi.Generic ) - warning
15:24:13.0126 1124 McciCMService - detected UnsignedFile.Multi.Generic (1)
15:24:13.0282 1124 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:24:13.0345 1124 Mcx2Svc - ok
15:24:13.0376 1124 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:24:13.0469 1124 mdmxsdk - ok
15:24:13.0532 1124 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:24:13.0547 1124 megasas - ok
15:24:13.0610 1124 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:24:13.0719 1124 MegaSR - ok
15:24:13.0844 1124 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:24:13.0906 1124 MMCSS - ok
15:24:13.0969 1124 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:24:14.0015 1124 Modem - ok
15:24:14.0156 1124 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:24:14.0249 1124 monitor - ok
15:24:14.0281 1124 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:24:14.0327 1124 mouclass - ok
15:24:14.0405 1124 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:24:14.0468 1124 mouhid - ok
15:24:14.0561 1124 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:24:14.0593 1124 MountMgr - ok
15:24:14.0733 1124 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:24:14.0780 1124 mpio - ok
15:24:14.0795 1124 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:24:14.0858 1124 mpsdrv - ok
15:24:15.0061 1124 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:24:15.0139 1124 MpsSvc - ok
15:24:15.0217 1124 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:24:15.0248 1124 Mraid35x - ok
15:24:15.0482 1124 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:24:15.0513 1124 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:24:15.0513 1124 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:24:15.0529 1124 MREMP50a64 - ok
15:24:15.0544 1124 MREMPR5 - ok
15:24:15.0544 1124 MRENDIS5 - ok
15:24:15.0607 1124 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:24:15.0653 1124 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:24:15.0653 1124 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:24:15.0669 1124 MRESP50a64 - ok
15:24:15.0763 1124 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:24:15.0872 1124 MRxDAV - ok
15:24:15.0919 1124 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:24:16.0043 1124 mrxsmb - ok
15:24:16.0309 1124 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:24:16.0371 1124 mrxsmb10 - ok
15:24:16.0465 1124 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:24:16.0511 1124 mrxsmb20 - ok
15:24:16.0558 1124 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
15:24:16.0574 1124 msahci - ok
15:24:16.0605 1124 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:24:16.0621 1124 msdsm - ok
15:24:16.0714 1124 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:24:16.0761 1124 MSDTC - ok
15:24:16.0808 1124 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:24:16.0855 1124 Msfs - ok
15:24:16.0886 1124 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:24:16.0917 1124 msisadrv - ok
15:24:16.0964 1124 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:24:16.0995 1124 MSiSCSI - ok
15:24:17.0011 1124 msiserver - ok
15:24:17.0089 1124 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:24:17.0135 1124 MSKSSRV - ok
15:24:17.0167 1124 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:24:17.0213 1124 MSPCLOCK - ok
15:24:17.0307 1124 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:24:17.0385 1124 MSPQM - ok
15:24:17.0541 1124 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:24:17.0588 1124 MsRPC - ok
15:24:17.0666 1124 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:24:17.0681 1124 mssmbios - ok
15:24:17.0822 1124 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:24:17.0884 1124 MSTEE - ok
15:24:17.0962 1124 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:24:17.0993 1124 Mup - ok
15:24:18.0181 1124 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
15:24:18.0196 1124 N360 - ok
15:24:18.0383 1124 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:24:18.0446 1124 napagent - ok
15:24:18.0524 1124 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:24:18.0539 1124 NativeWifiP - ok
15:24:18.0727 1124 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVENG.SYS
15:24:18.0742 1124 NAVENG - ok
15:24:18.0867 1124 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
15:24:18.0961 1124 NAVEX15 - ok
15:24:19.0163 1124 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:24:19.0226 1124 NDIS - ok
15:24:19.0304 1124 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:24:19.0335 1124 NdisTapi - ok
15:24:19.0382 1124 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:24:19.0413 1124 Ndisuio - ok
15:24:19.0538 1124 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:24:19.0600 1124 NdisWan - ok
15:24:19.0631 1124 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:24:19.0663 1124 NDProxy - ok
15:24:19.0694 1124 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:24:19.0741 1124 NetBIOS - ok
15:24:19.0787 1124 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:24:19.0850 1124 netbt - ok
15:24:19.0897 1124 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:19.0912 1124 Netlogon - ok
15:24:19.0959 1124 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:24:20.0006 1124 Netman - ok
15:24:20.0037 1124 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:24:20.0099 1124 netprofm - ok
15:24:20.0193 1124 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:24:20.0224 1124 NetTcpPortSharing - ok
15:24:20.0271 1124 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:24:20.0287 1124 nfrd960 - ok
15:24:20.0318 1124 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:24:20.0349 1124 NlaSvc - ok
15:24:20.0380 1124 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:24:20.0427 1124 Npfs - ok
15:24:20.0505 1124 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:24:20.0552 1124 nsi - ok
15:24:20.0599 1124 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:24:20.0661 1124 nsiproxy - ok
15:24:21.0441 1124 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:24:21.0659 1124 Ntfs - ok
15:24:21.0691 1124 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:24:21.0753 1124 ntrigdigi - ok
15:24:21.0784 1124 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:24:21.0847 1124 Null - ok
15:24:21.0987 1124 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:24:22.0003 1124 nvraid - ok
15:24:22.0096 1124 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:24:22.0143 1124 nvstor - ok
15:24:22.0283 1124 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:24:22.0315 1124 nv_agp - ok
15:24:22.0315 1124 NwlnkFlt - ok
15:24:22.0330 1124 NwlnkFwd - ok
15:24:22.0876 1124 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:24:23.0063 1124 odserv - ok
15:24:23.0173 1124 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:24:23.0251 1124 ohci1394 - ok
15:24:23.0469 1124 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:24:23.0500 1124 ose - ok
15:24:24.0202 1124 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:24.0358 1124 p2pimsvc - ok
15:24:24.0374 1124 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:24.0452 1124 p2psvc - ok
15:24:24.0545 1124 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:24:24.0623 1124 Parport - ok
15:24:24.0779 1124 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:24:24.0811 1124 partmgr - ok
15:24:25.0091 1124 Partner Service (3c6e7d73b0e9bc21d5e4b531ab7ec091) C:\ProgramData\Partner\partner.exe
15:24:25.0216 1124 Partner Service - ok
15:24:25.0247 1124 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:24:25.0341 1124 Parvdm - ok
15:24:25.0419 1124 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:24:25.0466 1124 PcaSvc - ok
15:24:25.0778 1124 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:24:25.0825 1124 pci - ok
15:24:25.0934 1124 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
15:24:25.0949 1124 pciide - ok
15:24:26.0199 1124 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:24:26.0246 1124 pcmcia - ok
15:24:27.0213 1124 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:24:27.0525 1124 PEAUTH - ok
15:24:29.0569 1124 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:24:30.0583 1124 pla - ok
15:24:31.0846 1124 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:24:31.0955 1124 PlugPlay - ok
15:24:32.0533 1124 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:32.0673 1124 PNRPAutoReg - ok
15:24:32.0689 1124 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:32.0813 1124 PNRPsvc - ok
15:24:33.0344 1124 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:24:33.0453 1124 PolicyAgent - ok
15:24:33.0703 1124 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:24:33.0765 1124 PptpMiniport - ok
15:24:33.0843 1124 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:24:33.0905 1124 Processor - ok
15:24:34.0249 1124 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:24:34.0280 1124 ProfSvc - ok
15:24:34.0405 1124 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:34.0467 1124 ProtectedStorage - ok
15:24:34.0545 1124 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:24:34.0592 1124 PSched - ok
15:24:34.0779 1124 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
15:24:34.0795 1124 PxHelp20 - ok
15:24:36.0448 1124 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:24:37.0743 1124 ql2300 - ok
15:24:37.0915 1124 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:24:37.0961 1124 ql40xx - ok
15:24:38.0227 1124 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:24:38.0367 1124 QWAVE - ok
15:24:38.0461 1124 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:24:38.0507 1124 QWAVEdrv - ok
15:24:38.0570 1124 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:24:38.0617 1124 RasAcd - ok
15:24:38.0804 1124 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:24:38.0897 1124 RasAuto - ok
15:24:39.0038 1124 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:24:39.0116 1124 Rasl2tp - ok
15:24:39.0755 1124 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:24:39.0802 1124 RasMan - ok
15:24:39.0896 1124 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:24:39.0958 1124 RasPppoe - ok
15:24:40.0021 1124 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:24:40.0067 1124 RasSstp - ok
15:24:40.0395 1124 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:24:40.0457 1124 rdbss - ok
15:24:40.0520 1124 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:24:40.0582 1124 RDPCDD - ok
15:24:41.0128 1124 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:24:41.0393 1124 rdpdr - ok
15:24:41.0627 1124 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:24:42.0002 1124 RDPENCDD - ok
15:24:42.0860 1124 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:24:43.0031 1124 RDPWD - ok
15:24:43.0375 1124 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:24:43.0499 1124 RemoteAccess - ok
15:24:43.0702 1124 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:24:43.0780 1124 RemoteRegistry - ok
15:24:43.0827 1124 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:24:43.0889 1124 RpcLocator - ok
15:24:44.0716 1124 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:24:44.0794 1124 RpcSs - ok
15:24:44.0857 1124 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:24:44.0966 1124 rspndr - ok
15:24:45.0247 1124 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:24:45.0293 1124 RTL8169 - ok
15:24:45.0496 1124 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
15:24:45.0559 1124 RTSTOR - ok
15:24:45.0683 1124 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:45.0715 1124 SamSs - ok
15:24:45.0902 1124 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:24:45.0917 1124 SASDIFSV - ok
15:24:46.0027 1124 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:24:46.0058 1124 SASKUTIL - ok
15:24:46.0167 1124 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:24:46.0198 1124 sbp2port - ok
15:24:46.0417 1124 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
15:24:46.0463 1124 SBRE - ok
15:24:46.0573 1124 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:24:46.0635 1124 SCardSvr - ok
15:24:47.0321 1124 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:24:47.0867 1124 Schedule - ok
15:24:48.0117 1124 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:24:48.0148 1124 SCPolicySvc - ok
15:24:48.0211 1124 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:24:48.0819 1124 SDRSVC - ok
15:24:48.0928 1124 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:24:49.0381 1124 secdrv - ok
15:24:49.0599 1124 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:24:49.0630 1124 seclogon - ok
15:24:49.0724 1124 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:24:49.0786 1124 SENS - ok
15:24:49.0864 1124 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:24:49.0942 1124 Serenum - ok
15:24:50.0036 1124 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:24:50.0098 1124 Serial - ok
15:24:50.0176 1124 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:24:50.0239 1124 sermouse - ok
15:24:50.0395 1124 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:24:50.0426 1124 SessionEnv - ok
15:24:50.0785 1124 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:24:50.0863 1124 sffdisk - ok
15:24:50.0894 1124 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:24:50.0956 1124 sffp_mmc - ok
15:24:50.0987 1124 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:24:51.0050 1124 sffp_sd - ok
15:24:51.0097 1124 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:24:51.0221 1124 sfloppy - ok
15:24:51.0502 1124 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:24:51.0658 1124 SharedAccess - ok
15:24:52.0001 1124 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:24:52.0157 1124 ShellHWDetection - ok
15:24:52.0251 1124 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:24:52.0282 1124 sisagp - ok
15:24:52.0360 1124 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:24:52.0407 1124 SiSRaid2 - ok
15:24:52.0516 1124 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:24:52.0563 1124 SiSRaid4 - ok
15:24:56.0135 1124 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:24:58.0538 1124 slsvc - ok
15:24:59.0739 1124 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:24:59.0786 1124 SLUINotify - ok
15:25:00.0067 1124 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:25:00.0129 1124 Smb - ok
15:25:00.0207 1124 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:25:00.0254 1124 SNMPTRAP - ok
15:25:18.0662 1124 SNP2STD (419c9a8dce47328f8683eefe86f71308) C:\Windows\system32\DRIVERS\snp2sxp.sys
15:25:22.0141 1124 SNP2STD - ok
15:25:23.0061 1124 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:25:23.0279 1124 spldr - ok
15:25:23.0685 1124 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:25:23.0732 1124 Spooler - ok
15:25:23.0857 1124 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
15:25:23.0950 1124 SRTSP - ok
15:25:23.0981 1124 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
15:25:23.0997 1124 SRTSPX - ok
15:25:24.0059 1124 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:25:24.0122 1124 srv - ok
15:25:24.0184 1124 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:25:24.0278 1124 srv2 - ok
15:25:24.0309 1124 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:25:24.0371 1124 srvnet - ok
15:25:24.0418 1124 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:25:24.0465 1124 SSDPSRV - ok
15:25:24.0574 1124 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:25:24.0621 1124 SstpSvc - ok
15:25:24.0808 1124 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:25:24.0871 1124 stisvc - ok
15:25:24.0933 1124 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:25:24.0964 1124 swenum - ok
15:25:25.0214 1124 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:25:25.0276 1124 swprv - ok
15:25:25.0370 1124 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:25:25.0385 1124 Symc8xx - ok
15:25:25.0604 1124 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS
15:25:25.0838 1124 SymDS - ok
15:25:25.0963 1124 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
15:25:26.0087 1124 SymEFA - ok
15:25:26.0150 1124 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
15:25:26.0165 1124 SymEvent - ok
15:25:26.0259 1124 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS
15:25:26.0275 1124 SymIRON - ok
15:25:26.0353 1124 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS
15:25:26.0384 1124 SYMTDIv - ok
15:25:26.0462 1124 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:25:26.0477 1124 Sym_hi - ok
15:25:26.0524 1124 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:25:26.0540 1124 Sym_u3 - ok
15:25:26.0649 1124 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
15:25:26.0680 1124 SynTP - ok
15:25:26.0743 1124 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:25:26.0805 1124 SysMain - ok
15:25:26.0836 1124 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:25:26.0867 1124 TabletInputService - ok
15:25:26.0930 1124 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:25:26.0961 1124 TapiSrv - ok
15:25:26.0992 1124 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:25:27.0023 1124 TBS - ok
15:25:27.0211 1124 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
15:25:27.0304 1124 Tcpip - ok
15:25:27.0320 1124 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
15:25:27.0398 1124 Tcpip6 - ok
15:25:27.0460 1124 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:25:27.0507 1124 tcpipreg - ok
15:25:27.0554 1124 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:25:27.0585 1124 tdcmdpst - ok
15:25:27.0616 1124 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:25:27.0694 1124 TDPIPE - ok
15:25:27.0741 1124 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:25:27.0803 1124 TDTCP - ok
15:25:27.0835 1124 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:25:27.0881 1124 tdx - ok
15:25:27.0959 1124 TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
15:25:27.0975 1124 TempoMonitoringService - ok
15:25:28.0053 1124 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:25:28.0069 1124 TermDD - ok
15:25:28.0178 1124 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:25:28.0256 1124 TermService - ok
15:25:28.0334 1124 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:25:28.0349 1124 Themes - ok
15:25:28.0381 1124 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:25:28.0427 1124 THREADORDER - ok
15:25:28.0490 1124 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
15:25:28.0505 1124 TNaviSrv - ok
15:25:28.0537 1124 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
15:25:28.0568 1124 TODDSrv - ok
15:25:28.0646 1124 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:25:28.0708 1124 TosCoSrv - ok
15:25:28.0771 1124 TOSHIBA SMART Log Service (dca621ce31ca604c762001883e385df8) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
15:25:28.0817 1124 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
15:25:28.0817 1124 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
15:25:28.0942 1124 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
15:25:28.0973 1124 tos_sps32 - ok
15:25:29.0005 1124 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:25:29.0051 1124 TrkWks - ok
15:25:29.0161 1124 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:25:29.0176 1124 TrustedInstaller - ok
15:25:29.0223 1124 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:25:29.0254 1124 tssecsrv - ok
15:25:29.0285 1124 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:25:29.0317 1124 tunmp - ok
15:25:29.0363 1124 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:25:29.0395 1124 tunnel - ok
15:25:29.0426 1124 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:25:29.0441 1124 TVALZ - ok
15:25:29.0457 1124 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:25:29.0488 1124 uagp35 - ok
15:25:29.0597 1124 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:25:29.0644 1124 udfs - ok
15:25:29.0816 1124 UDisk Monitor (38bf5592d3ee08b418bf482b34cf8c72) C:\Users\Blaine\AppData\roaming\ZTEDRIVER\release\MonServiceUDisk.exe
15:25:29.0847 1124 UDisk Monitor ( UnsignedFile.Multi.Generic ) - warning
15:25:29.0847 1124 UDisk Monitor - detected UnsignedFile.Multi.Generic (1)
15:25:29.0894 1124 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:25:29.0941 1124 UI0Detect - ok
15:25:30.0081 1124 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:25:30.0112 1124 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
15:25:30.0112 1124 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
15:25:30.0159 1124 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:25:30.0175 1124 uliagpkx - ok
15:25:30.0237 1124 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:25:30.0253 1124 uliahci - ok
15:25:30.0284 1124 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:25:30.0315 1124 UlSata - ok
15:25:30.0331 1124 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:25:30.0346 1124 ulsata2 - ok
15:25:30.0409 1124 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:25:30.0455 1124 umbus - ok
15:25:30.0502 1124 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:25:30.0565 1124 upnphost - ok
15:25:30.0596 1124 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:25:30.0643 1124 usbccgp - ok
15:25:30.0689 1124 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:25:30.0767 1124 usbcir - ok
15:25:30.0814 1124 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:25:30.0861 1124 usbehci - ok
15:25:30.0923 1124 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:25:30.0986 1124 usbhub - ok
15:25:31.0017 1124 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:25:31.0079 1124 usbohci - ok
15:25:31.0173 1124 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:25:31.0235 1124 usbprint - ok
15:25:31.0298 1124 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:25:31.0329 1124 usbscan - ok
15:25:31.0407 1124 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:25:31.0454 1124 USBSTOR - ok
15:25:31.0485 1124 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:25:31.0532 1124 usbuhci - ok
15:25:31.0610 1124 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:25:31.0657 1124 usbvideo - ok
15:25:31.0719 1124 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:25:31.0766 1124 UxSms - ok
15:25:31.0859 1124 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:25:31.0969 1124 vds - ok
15:25:32.0031 1124 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:25:32.0078 1124 vga - ok
15:25:32.0125 1124 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:25:32.0171 1124 VgaSave - ok
15:25:32.0203 1124 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:25:32.0234 1124 viaagp - ok
15:25:32.0249 1124 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:25:32.0296 1124 ViaC7 - ok
15:25:32.0327 1124 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:25:32.0343 1124 viaide - ok
15:25:32.0437 1124 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:25:32.0468 1124 volmgr - ok
15:25:32.0593 1124 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:25:32.0624 1124 volmgrx - ok
15:25:32.0686 1124 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:25:32.0717 1124 volsnap - ok
15:25:32.0749 1124 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:25:32.0780 1124 vsmraid - ok
15:25:32.0936 1124 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:25:33.0029 1124 VSS - ok
15:25:33.0154 1124 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:25:33.0248 1124 W32Time - ok
15:25:33.0295 1124 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:25:33.0357 1124 WacomPen - ok
15:25:33.0388 1124 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:33.0419 1124 Wanarp - ok
15:25:33.0419 1124 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:33.0451 1124 Wanarpv6 - ok
15:25:33.0529 1124 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:25:33.0591 1124 wcncsvc - ok
15:25:33.0653 1124 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:25:33.0700 1124 WcsPlugInService - ok
15:25:33.0731 1124 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:25:33.0747 1124 Wd - ok
15:25:33.0841 1124 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:25:33.0919 1124 Wdf01000 - ok
15:25:33.0950 1124 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:25:34.0012 1124 WdiServiceHost - ok
15:25:34.0028 1124 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:25:34.0059 1124 WdiSystemHost - ok
15:25:34.0121 1124 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:25:34.0184 1124 WebClient - ok
15:25:34.0262 1124 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:25:34.0324 1124 Wecsvc - ok
15:25:34.0355 1124 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:25:34.0418 1124 wercplsupport - ok
15:25:34.0465 1124 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:25:34.0496 1124 WerSvc - ok
15:25:34.0574 1124 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:25:34.0667 1124 winachsf - ok
15:25:34.0792 1124 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:25:34.0823 1124 WinDefend - ok
15:25:34.0839 1124 WinHttpAutoProxySvc - ok
15:25:34.0948 1124 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:25:34.0979 1124 Winmgmt - ok
15:25:35.0245 1124 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:25:35.0354 1124 WinRM - ok
15:25:35.0401 1124 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:25:35.0510 1124 Wlansvc - ok
15:25:35.0853 1124 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:25:36.0274 1124 wlidsvc - ok
15:25:36.0820 1124 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:25:36.0898 1124 WmiAcpi - ok
15:25:37.0054 1124 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:25:37.0117 1124 wmiApSrv - ok
15:25:37.0351 1124 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:25:37.0460 1124 WMPNetworkSvc - ok
15:25:37.0522 1124 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:25:37.0585 1124 WPCSvc - ok
15:25:37.0678 1124 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:25:37.0709 1124 WPDBusEnum - ok
15:25:37.0787 1124 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:25:37.0819 1124 WpdUsb - ok
15:25:38.0037 1124 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:25:38.0099 1124 WPFFontCache_v0400 - ok
15:25:38.0162 1124 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:25:38.0209 1124 ws2ifsl - ok
15:25:38.0271 1124 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:25:38.0318 1124 wscsvc - ok
15:25:38.0318 1124 WSearch - ok
15:25:38.0614 1124 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:25:38.0848 1124 wuauserv - ok
15:25:39.0067 1124 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:25:39.0098 1124 WUDFRd - ok
15:25:39.0145 1124 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:25:39.0176 1124 wudfsvc - ok
15:25:39.0238 1124 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
15:25:39.0269 1124 XAudio - ok
15:25:39.0347 1124 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
15:25:39.0410 1124 XAudioService - ok
15:25:39.0488 1124 ztemtusbser (20f4f87625edddb97b48da66ace7dc8d) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
15:25:39.0550 1124 ztemtusbser - ok
15:25:39.0581 1124 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:25:40.0283 1124 \Device\Harddisk0\DR0 - ok
15:25:40.0283 1124 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:25:44.0183 1124 \Device\Harddisk1\DR1 - ok
15:25:44.0199 1124 Boot (0x1200) (e5c473308dafb3e2cb64094f0e817487) \Device\Harddisk0\DR0\Partition0
15:25:44.0199 1124 \Device\Harddisk0\DR0\Partition0 - ok
15:25:44.0230 1124 Boot (0x1200) (dd99cfda46e60a2f63ac859bafbeb998) \Device\Harddisk0\DR0\Partition1
15:25:44.0246 1124 \Device\Harddisk0\DR0\Partition1 - ok
15:25:44.0246 1124 Boot (0x1200) (d2c9fa006c06f2fe5a2554f6ae3d63b3) \Device\Harddisk1\DR1\Partition0
15:25:44.0246 1124 \Device\Harddisk1\DR1\Partition0 - ok
15:25:44.0246 1124 ============================================================
15:25:44.0246 1124 Scan finished
15:25:44.0246 1124 ============================================================
15:25:44.0261 1856 Detected object count: 8
15:25:44.0261 1856 Actual detected object count: 8
15:26:26.0491 1856 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 UDisk Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 UDisk Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:26.0491 1856 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:26.0491 1856 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:39.0173 4604 Deinitialize success

OTL again:

OTL logfile created on: 29/07/2012 15:27:06 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 36.83% Memory free
3.98 Gb Paging File | 2.52 Gb Available in Paging File | 63.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.16 Gb Free Space | 8.28% Space Free | Partition Type: NTFS
Drive D: | 489.70 Mb Total Space | 1.96 Mb Free Space | 0.40% Space Free | Partition Type: FAT
Drive E: | 73.21 Gb Total Space | 4.95 Gb Free Space | 6.76% Space Free | Partition Type: NTFS

Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 10:30:46 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
PRC - [2012/07/26 23:28:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/07/10 00:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/29 15:20:22 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/29 15:20:22 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/28 20:58:00 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/28 20:58:00 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/13 11:43:17 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 08:28:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/13 08:22:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:22:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 08:20:58 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/11 13:57:11 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/11 13:53:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 13:53:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 11:46:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 11:44:51 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/11 11:44:46 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 11:44:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/03/15 04:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/26 23:28:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () [Auto | Running] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Blaine\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/19 01:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:16:39 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:16:39 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2012/05/16 08:19:25 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:19:25 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/18 10:26:13 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 07:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2012/01/17 23:46:01 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/01/17 23:45:57 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012/01/17 23:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012/01/17 23:35:24 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/06 18:04:36 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKLM\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKCU\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/18 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/07/29 15:19:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://start.iplay.com/?o=shp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://start.iplay.c...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iplay.com/?o=shp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
CHR - Extension: Entanglement = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABA7D1C-2245-478F-AC0D-26A25DC02473}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 15:20:37 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Blaine\Desktop\tdsskiller.exe
[2012/07/29 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2EC426D4-07B1-46F8-9ADD-A96B52B3B693}
[2012/07/29 14:52:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 14:52:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 14:52:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 14:52:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/29 14:48:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 14:48:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 14:45:57 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\Blaine\Desktop\ComboFix.exe
[2012/07/29 14:43:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Blaine\Desktop\aswMBR.exe
[2012/07/28 23:25:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/28 23:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/28 22:32:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EDC14DAA-18F9-4961-92E2-10380B262FD1}
[2012/07/28 22:31:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3E77D6AB-3FDB-4FAE-A072-4C43C708F71B}
[2012/07/28 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/28 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/28 20:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/28 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/28 20:56:48 | 018,839,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Blaine\Desktop\SAS_7731690.EXE
[2012/07/28 17:13:42 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/07/28 17:13:42 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2012/07/28 17:13:23 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/07/28 16:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/28 11:44:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 10:46:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\Desktop\avg
[2012/07/28 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\Desktop\super antispyware portable
[2012/07/28 10:39:49 | 000,000,000 | ---D | C] -- C:\Users\Blaine\Desktop\last resort scanner
[2012/07/28 10:35:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\Desktop\rkill and exehelper
[2012/07/28 10:30:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
[2012/07/28 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{403CABCB-E0F2-426D-96D8-B1B3F3831002}
[2012/07/28 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7D39817E-8327-4896-9A6E-13ED48CEFEB3}
[2012/07/28 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{32D5344F-5F51-4B65-89CD-F5807556BE2A}
[2012/07/27 19:15:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/27 15:53:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\laacnlyp
[2012/07/27 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{51478703-3743-475E-9959-9B2F66B377E2}
[2012/07/27 11:20:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AE50A433-B0F6-44AE-8D1D-79EAD088DC3A}
[2012/07/26 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0DF2DAF9-5048-40EB-A197-FCDF2FE9C1F2}
[2012/07/26 23:19:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C47D8431-6F46-4459-ADC7-38DEE630BB64}
[2012/07/26 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{721E4EEF-A17B-4FD9-8848-A5E8DB9A5869}
[2012/07/26 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2437EA5F-6CB0-428E-B284-4ABB6600D7D2}
[2012/07/25 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F131194-C97B-4F9D-8AFD-AC49EAA91E41}
[2012/07/25 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5B0388A6-8CFB-409E-8B89-7218A455805A}
[2012/07/25 11:14:39 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EFAB5FAB-8F09-40A7-94A2-76BFC83FE368}
[2012/07/25 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{76BF1D83-0F0C-4507-A504-7B9116829DF4}
[2012/07/24 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A3D14C27-DE79-4131-9ACF-78B854D286F8}
[2012/07/24 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{930481DC-1BCB-4D5E-B904-E28B2D9C83B7}
[2012/07/24 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DA2E512A-6DC0-4C26-AAD8-50B15793486C}
[2012/07/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CE1A6B5E-A837-47E3-83EF-1DFEF5234E84}
[2012/07/23 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{21322686-A50C-47A0-99E9-D5C15AEFD913}
[2012/07/23 23:12:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CF7039B7-7E6A-44D2-87EA-2344C65F2918}
[2012/07/23 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2D26B34A-4FC3-4B00-90B3-E0C96C1D529B}
[2012/07/23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0B90317-4A5C-42E3-AA64-61AFFBAE4527}
[2012/07/22 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{684D01E0-E71D-4542-8ACC-FB2797CEEE8C}
[2012/07/22 22:09:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F9F48ED-9C0B-445A-BC4E-3D46CEB9F523}
[2012/07/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2FE2B905-9B3A-45A1-84FA-D984A88A7881}
[2012/07/22 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{08BF2E8F-4B52-490C-B86F-595BA5EDA889}
[2012/07/21 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{38CE05A8-1433-4CD0-AD61-689F2787CEDF}
[2012/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{28BC298F-851A-4E3E-A4BE-5C8190BB3456}
[2012/07/20 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{47C95673-AB3F-416D-9B23-722845FD8D76}
[2012/07/20 23:18:10 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{40BAFCD4-EAF6-4FDE-8161-EFAF1A3C38DF}
[2012/07/20 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{56BC0AB0-68FE-468E-AB7A-4094B0D65A0C}
[2012/07/20 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{13DF71D6-A8E7-41C0-82EC-95AEEE52D71E}
[2012/07/19 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{68548B9F-17B8-443E-BDA3-A762C1875A45}
[2012/07/19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8D6C7403-5948-441C-9311-3114F8293E80}
[2012/07/19 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3E4924C-ADCF-4651-B813-D0A903CFF077}
[2012/07/19 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0C459B2-60F0-4FCF-BAFF-788AAFDCEB4E}
[2012/07/18 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{72BF9D41-9949-4AD8-BC4B-805CC0C4F832}
[2012/07/18 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81F98A7C-41CA-423F-94FA-B60AFA27B2AB}
[2012/07/18 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2012/07/18 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A22A02B3-98BF-443F-8254-3CC5C4559353}
[2012/07/18 10:11:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ED056EE7-B600-466D-99D7-9C9BD31AA555}
[2012/07/17 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7642C882-603F-4510-AEBF-426C0B136452}
[2012/07/17 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EAC6A4E6-6917-4680-8BFA-10839EB0AC46}
[2012/07/17 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C8CA0D4-49AC-4BFD-A7A8-617DE65566FC}
[2012/07/17 09:26:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{259F1395-1FBE-4F5C-85C7-F022180A45F7}
[2012/07/16 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6134F63C-BE42-40D0-AC1A-3BC530A66FB1}
[2012/07/16 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9F66C947-6006-4C52-B20C-38BF933C0D40}
[2012/07/16 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8569DF4C-6F4F-47C9-9460-FCCDE5298EDE}
[2012/07/16 09:25:06 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{80861E90-5528-43FC-8AFB-86C05FAAAFCF}
[2012/07/15 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{35448B10-DBC9-45CA-BE44-F6DE2DB769F3}
[2012/07/15 21:24:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B79B309D-2971-4464-AC15-609BAF61E54C}
[2012/07/15 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3619ADF9-B91D-4F07-BD4E-2A410D95EBD5}
[2012/07/15 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C22A4EE8-519A-4F7B-888E-20EF04FF30A0}
[2012/07/14 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B04078C1-F75D-437D-B934-AF37B3DA0599}
[2012/07/14 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0E59A09D-6273-4CF7-B51D-F0A8EB670B38}
[2012/07/14 01:24:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E784DEC2-0052-4809-B68A-7C9593F23490}
[2012/07/14 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B15BC22C-66F4-4A2B-AD51-1D319B0989E4}
[2012/07/13 13:24:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{799DABB7-D191-46DB-A532-25CAF1A42142}
[2012/07/13 13:23:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A0DE03D8-060F-4EA8-B58D-1596462BA090}
[2012/07/13 01:23:17 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{208F7C2B-EE9F-4075-9FF2-02C9D4997FDE}
[2012/07/13 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F6C5B564-6529-49BA-98A5-C77309CC8641}
[2012/07/12 13:22:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C3D8106A-398A-4848-86B4-B795143DA3A8}
[2012/07/12 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{88AA7A01-CC27-4172-A548-F93304186977}
[2012/07/12 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C5D8F0BD-41EA-4EC5-B3A6-FCF9C171C213}
[2012/07/12 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3D28E87-D58B-4BDF-BB59-5A032EF1711D}
[2012/07/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5FDC5B3B-6B2E-4551-B72E-5DA91ADB0EDC}
[2012/07/11 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9B4ED76B-B9FC-4989-A4D2-9201F78593C0}
[2012/07/10 23:48:30 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D02D9EE6-0FBA-4D28-8BB4-CEA2E7389473}
[2012/07/10 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C9912BB3-966A-47EE-B46E-EE4C320C84F2}
[2012/07/10 23:44:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/10 23:44:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/10 23:44:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/10 23:44:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/10 23:44:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/10 23:44:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 23:44:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/10 23:35:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3E5C3BD-EED1-433A-87C0-517999784B49}
[2012/07/10 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5C0DD0A7-8214-4E98-BC4E-05DCBC8D1641}
[2012/07/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0736BD0E-3609-483F-99D8-5B58909B7861}
[2012/07/09 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{97A6B70A-19CE-4CFF-A9E2-A86E62F76C7F}
[2012/07/08 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{1ADB49BC-9B88-4697-BDFF-01AB7BA35740}
[2012/07/08 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4F7C4F9A-03B6-439C-9E9C-AF059EA7BCFA}
[2012/07/08 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F5B08DA2-8E60-4AD7-B885-157484943E57}
[2012/07/08 11:37:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{33B3476D-75FB-4A65-9B04-E04859E2C98A}
[2012/07/07 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{50193F45-4B9A-43E7-AA7C-302D2C4C6677}
[2012/07/07 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81373DF9-F447-4478-B31E-1062D70E46F6}
[2012/07/07 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{70C9D3EB-4990-4A6A-B27A-9F6B87AEAD3B}
[2012/07/07 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{803F15CC-8E9C-4E0A-AE65-71FA5020D532}
[2012/07/06 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2829D2CD-989A-41AD-8929-511F3B7994A3}
[2012/07/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3A5B812-0BCA-41C7-8691-F3162D0973E6}
[2012/07/06 10:25:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{805430EA-26C9-4589-A9E0-ED40B30096E2}
[2012/07/06 10:25:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E7E7CAB7-8153-4D53-AD0A-15F0E89C067B}
[2012/07/05 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDABB8CC-709D-4EFD-B4F8-90991B007279}
[2012/07/05 18:24:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8E8BDCDD-4CEB-49B4-9262-A34D4667D6DA}
[2012/07/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{736FB5C3-E222-49CF-B1F7-A1C9571E54E2}
[2012/07/04 01:01:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{FA6B7823-FBB1-4015-83A4-93AA88A35CC2}
[2012/07/03 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDB95FF0-1A20-452D-9B35-0AD42F4EA70D}
[2012/07/03 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{15D8C447-842B-458B-BCED-3BE800E444B2}
[2012/07/03 00:02:30 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{44E35712-9367-4FC9-9DD4-68107E88E780}
[2012/07/03 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B3D5F3E1-3A35-4A27-ADD7-2F6A35923344}
[2012/07/02 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8DAED965-14E6-4E95-A545-6F8635B9746C}
[2012/07/02 12:01:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{BD76DDF7-C30C-48CD-B628-80BACA525A59}
[2012/07/02 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C7E3A918-0DDF-4A34-B093-F242C0EE0B50}
[2012/07/02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D3845F0A-A0BB-4C1A-B7BB-8CA4973F59C9}
[2012/07/01 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C95136A-DE3D-46D4-A1FB-ED8E3C12293E}
[2012/07/01 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0ED5AA7B-E5E5-4FB7-BB32-BD6D36E71ADA}
[2012/06/30 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{01A9D32C-46B9-4A12-BD16-7C9118E14560}
[2012/06/30 23:06:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9A1A0072-EDD6-41AC-B71A-3B614CE5662C}
[2012/06/30 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EC6980FE-2A6A-43A4-9AD5-378BD8B131C8}
[2012/06/30 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ABA68842-063A-4AF8-9193-2BD47E86F4DF}
[2012/06/29 22:00:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{527BF8AF-17A9-42B7-8205-1787DCDDCE84}
[2012/06/29 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AEF547DD-149C-4460-89CD-A412C7F3E5FF}
[2009/06/01 00:29:56 | 000,210,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Blaine\uninstall_flash_player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 15:27:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 15:17:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 15:17:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 15:17:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 15:17:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 15:17:02 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 14:45:33 | 000,000,512 | ---- | M] () -- C:\Users\Blaine\Desktop\MBR.dat
[2012/07/29 14:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 14:34:17 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
[2012/07/29 13:03:42 | 000,061,440 | ---- | M] ( ) -- C:\Users\Blaine\Desktop\VEW.exe
[2012/07/29 13:03:18 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Blaine\Desktop\tdsskiller.exe
[2012/07/29 13:03:04 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\Blaine\Desktop\ComboFix.exe
[2012/07/29 13:02:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Blaine\Desktop\aswMBR.exe
[2012/07/29 08:23:38 | 000,220,672 | ---- | M] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/29 08:14:24 | 000,621,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/29 08:14:22 | 000,114,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/29 08:06:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/29 03:38:57 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job
[2012/07/28 20:57:10 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/28 10:47:06 | 018,839,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Blaine\Desktop\SAS_7731690.EXE
[2012/07/28 10:44:28 | 114,651,136 | ---- | M] () -- C:\Users\Blaine\Desktop\VIPRERescue12388.exe
[2012/07/28 10:37:04 | 001,012,656 | ---- | M] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 10:35:42 | 000,294,400 | ---- | M] () -- C:\Users\Blaine\Desktop\exeHelper.com
[2012/07/28 10:31:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 10:30:46 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
[2012/07/28 01:27:47 | 000,360,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 19:35:37 | 000,183,538 | ---- | M] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/27 15:53:07 | 000,093,608 | --S- | M] () -- C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe
[2012/07/26 23:28:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/26 23:28:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/11 19:40:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 00:36:54 | 000,596,323 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY TEACHING.pdf
[2012/07/03 00:36:28 | 000,390,953 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY BUSINESS.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 15:20:46 | 000,061,440 | ---- | C] ( ) -- C:\Users\Blaine\Desktop\VEW.exe
[2012/07/29 14:52:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 14:52:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 14:52:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 14:52:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 14:52:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 14:45:33 | 000,000,512 | ---- | C] () -- C:\Users\Blaine\Desktop\MBR.dat
[2012/07/28 20:57:43 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
[2012/07/28 20:57:40 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job
[2012/07/28 20:57:10 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/28 17:12:24 | 114,651,136 | ---- | C] () -- C:\Users\Blaine\Desktop\VIPRERescue12388.exe
[2012/07/28 17:08:48 | 000,294,400 | ---- | C] () -- C:\Users\Blaine\Desktop\exeHelper.com
[2012/07/28 11:42:11 | 001,012,656 | ---- | C] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 09:05:30 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 19:35:29 | 000,183,538 | ---- | C] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 16:41:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/27 15:53:18 | 000,093,608 | --S- | C] () -- C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape50.bin
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape40.bin
[2012/02/09 21:59:35 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin
[2011/11/16 04:48:14 | 000,000,680 | ---- | C] () -- C:\Users\Blaine\AppData\Local\d3d9caps.dat
[2011/08/08 10:58:14 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2011/05/19 13:39:31 | 000,001,940 | ---- | C] () -- C:\Users\Blaine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/24 22:15:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 06:53:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Unl.exe
[2009/03/09 22:29:21 | 000,220,672 | ---- | C] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

EXTRAS again:

OTL Extras logfile created on: 29/07/2012 15:27:06 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 36.83% Memory free
3.98 Gb Paging File | 2.52 Gb Available in Paging File | 63.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.16 Gb Free Space | 8.28% Space Free | Partition Type: NTFS
Drive D: | 489.70 Mb Total Space | 1.96 Mb Free Space | 0.40% Space Free | Partition Type: FAT
Drive E: | 73.21 Gb Total Space | 4.95 Gb Free Space | 6.76% Space Free | Partition Type: NTFS

Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C43870A-E094-4AFA-93F4-565A9C55BD90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3371B3BE-4F53-40E0-9CA6-49EAAA3C4EF0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3ED58E31-38A9-485B-96CE-23195FB341CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4087031E-E250-4F26-B279-D15CE9FA9A28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B031144-5C1C-4043-A353-7578383DA5DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A08350F3-C7B9-4541-9E35-2F2DD8D9752D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F38EC275-C75F-4F03-8523-B0ED4CDBFD45}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EA22-A38F-48A4-B96B-C916438888B2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1E13594B-1277-4C53-8092-0BDC19023C48}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{33F50703-3634-4F42-BC9C-DD22DB202647}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{418D15BB-9094-4045-B4F3-7089DC5904D4}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5061C825-EE73-4799-8339-1A653FAB1B3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5A5AFA51-381B-4A4C-9174-46DFE9B99173}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6915EDA0-4289-4A64-8888-1A305D7F482D}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{69D2EE6F-31C1-46F4-BAE8-852D676AD0C0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{6E3D529F-71CB-400C-A5FB-E8CE14BEDE3D}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{7DF447F1-DF9B-4640-BA78-46F79D3D4AEE}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{825A7100-C9EB-4186-AC2B-B1959FDD95ED}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{A03AE41B-B68F-405E-945A-21DA4FBD9E25}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C4E69FA8-8CDB-42B9-A8B3-7027959E2D20}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{DAEB9E02-5F2E-468C-9382-CB34081F42CD}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{DB36F4A5-E1D5-4794-B64A-9478611AAA81}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{FB5136F3-C621-46EC-A917-B9CB2E00DED8}" = protocol=6 | dir=out | app=system |
"TCP Query User{4EF681EC-3EA1-4489-8911-8220CAEF36E8}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{5BEB0CA3-F57D-4C8D-8CED-2E4FBA6700AD}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Email Configuration Tool
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21115EF-2B96-44F2-83CB-6347E017AC5F}" = FileOpen Client
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.1
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"迅雷看看播放器" = 迅雷看看播放器

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/12/2010 07:04:53 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/12/2010 11:00:43 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/12/2010 14:34:31 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/12/2010 13:27:05 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/12/2010 14:21:18 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/12/2010 06:27:13 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/12/2010 15:43:34 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/12/2010 08:46:33 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/12/2010 12:51:04 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 07:20:27 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 28/07/2012 19:44:37 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/07/2012 19:44:37 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/07/2012 19:46:52 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 29/07/2012 03:07:14 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29/07/2012 03:12:30 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 29/07/2012 04:13:48 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29/07/2012 04:14:18 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29/07/2012 09:48:23 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 29/07/2012 09:55:23 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29/07/2012 10:05:24 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
  • 0


#17
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
VEW log (Application):

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/07/2012 16:06:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/07/2012 14:46:04
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SYSTEM LOG IS NOT HERE


----------

So everything is working fine now, but the UAC is still saying it is off. I stopped at the stage of removing Norton because I am skeptical to do so, sorry. How can I get the UAC to stay on?
  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Copy the text in the code box by highlighting and Ctrl + c


:OTL
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe ()
O4 - Startup: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe ()


:files
C:\Users\Blaine\AppData\Local\laacnlyp
C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe 
   
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Try and save the log and copy and paste it into a reply.

Combofix log may now be at C:\Combofix\Combofix.txt
  • 0
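The fix above removes an HKCU Run value and a Startup-folder executable that OTL listed with an empty company name and a path under the user's AppData. As an added example (not part of this thread and not OTL's own code), here is a Python triage script that parses such O4 lines, flags entries showing those signs, and drafts the :OTL/:files/:Commands sections in the layout used above; the Synaptics entry in the sample is made up for contrast and its path is an assumption.

```python
"""Triage OTL 'O4' autostart lines and draft an OTL fix (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the two O4 lines quoted in the fix above, plus one
# benign entry made up for contrast (the Synaptics path is an assumption).
SAMPLE_O4_LINES = """\
O4 - HKLM..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKCU..\\Run: [TdrOxoid] C:\\Users\\Blaine\\AppData\\Local\\laacnlyp\\tdroxoid.exe ()
O4 - Startup: C:\\Users\\Blaine\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\tdroxoid.exe ()
"""

# OTL prints an autostart as:  O4 - <location>: [<value name>] <path> (<company>)
# The [<value name>] part is absent for Startup-folder entries, and the company
# is whatever the file's version information says (empty parentheses = none).
O4_RE = re.compile(
    r"^O4 - (?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?"
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)

# User-writable profile folders; legitimate autostarts rarely run from here.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")


@dataclass
class AutostartEntry:
    raw: str
    location: str
    name: Optional[str]
    path: str
    company: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4_lines(text: str) -> List[AutostartEntry]:
    """Parse every O4 line in an OTL log; lines that are not O4 are skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entries.append(AutostartEntry(raw=line.strip(), location=m["location"],
                                      name=m["name"], path=m["path"],
                                      company=m["company"].strip()))
    return entries


def flag_suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Attach a reason for each sign an analyst would otherwise check by hand."""
    for e in entries:
        low = e.path.lower()
        if not e.company:
            e.reasons.append("no company name in the file's version info")
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            e.reasons.append("runs from a user-writable profile folder")
        if e.location.lower() == "startup" and low.endswith(".exe"):
            e.reasons.append("raw .exe in the Startup folder (shortcuts are the norm)")
    return [e for e in entries if e.suspicious]


def build_otl_fix(flagged: List[AutostartEntry]) -> str:
    """Draft an OTL fix in the layout used above: the O4 lines go under :OTL
    (removes the autostart), the files under :files, then the cache commands.
    Only the flagged file itself is listed; widening that to the dropper's whole
    folder, as the fix above does, is a decision for the analyst."""
    otl_lines = [e.raw for e in flagged]
    file_lines = []
    for e in flagged:
        if e.path not in file_lines:
            file_lines.append(e.path)
    sections = [":OTL", *otl_lines, "", ":files", *file_lines, "",
                ":Commands", "[EMPTYFLASH]", "[EMPTYJAVA]", "[purity]", "[Reboot]"]
    return "\n".join(sections)


if __name__ == "__main__":
    hits = flag_suspicious(parse_o4_lines(SAMPLE_O4_LINES))
    for e in hits:
        print(f"{e.path}\n    - " + "\n    - ".join(e.reasons))
    print("\nDraft fix:\n" + build_otl_fix(hits))
```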

#19
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
OTL:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TdrOxoid deleted successfully.
C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe moved successfully.
File move failed. C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Blaine\AppData\Local\laacnlyp folder moved successfully.
File move failed. C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Blaine
->Flash cache emptied: 2302 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Blaine
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07292012_181042

Files\Folders moved on Reboot...
C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe moved successfully.

PendingFileRenameOperations files...
File C:\Users\Blaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdroxoid.exe not found!

Registry entries deleted on Reboot...


NO IDEA WHERE THE COMBOFIX TXT IS. THERE IS ONLY A COMBOFIX FILE IN THE C: DRIVE BUT THAT SHOWS ME THE 'COMPUTER' FOLDER WHEN I CLICK ON IT, WHICH IS WEIRD. NOTHING ELSE RELATED TO COMBOFIX IS THERE.
  • 0

#20
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
Is this it?

ComboFix 12-07-29.02 - Blaine 29/07/2012 14:55:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.730 [GMT 1:00]
Running from: C:\Users\Blaine\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



I found that by searching for the combofix.txt file.
  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
That's the start of the Combofix log. Appears that it never finished.

Can you run OTL, Quickscan and post the log? I want to see if the malware we just removed came back.
  • 0

#22
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
Perhaps the Combofix didn't finish then. The screen was blank with only my wallpaper showing so I assumed it had finished. I disabled my Norton too, but it still prompted me to disable it, but it was already disabled, which I thought was odd. If there's another way to disable it further, I know not what it is.

Here is the OTL log:

OTL logfile created on: 29/07/2012 20:51:35 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.62% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 5.99 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 4.95 Gb Free Space | 6.76% Space Free | Partition Type: NTFS

Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 10:30:46 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
PRC - [2012/07/10 00:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/29 18:15:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/29 18:15:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/28 20:58:00 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/28 20:58:00 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/13 11:43:17 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 08:28:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/13 08:22:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:22:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 08:20:58 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/11 13:57:11 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/11 13:53:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 13:53:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 11:46:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 11:44:51 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/11 11:44:46 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 11:44:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/03/15 04:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/26 23:28:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () [Auto | Running] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Blaine\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/19 01:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:16:39 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:16:39 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2012/05/16 08:19:25 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:19:25 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/18 10:26:13 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 07:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2012/01/17 23:46:01 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/01/17 23:45:57 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012/01/17 23:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012/01/17 23:35:24 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/06 18:04:36 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKLM\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boxofficemojo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKCU\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/18 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/07/29 18:14:57 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://start.iplay.com/?o=shp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://start.iplay.c...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iplay.com/?o=shp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
CHR - Extension: Entanglement = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABA7D1C-2245-478F-AC0D-26A25DC02473}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 16:43:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\Desktop\Virus Protection
[2012/07/29 15:46:29 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{596DF2C6-64E8-4A5C-8007-8AD723E01950}
[2012/07/29 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{32E66AC3-050B-4A53-AC95-4CAA2806E6EC}
[2012/07/29 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2EC426D4-07B1-46F8-9ADD-A96B52B3B693}
[2012/07/29 14:52:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 14:52:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 14:52:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 14:52:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/29 14:48:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 14:48:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/28 23:25:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/28 23:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/28 22:32:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EDC14DAA-18F9-4961-92E2-10380B262FD1}
[2012/07/28 22:31:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3E77D6AB-3FDB-4FAE-A072-4C43C708F71B}
[2012/07/28 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/28 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/28 20:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/28 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/28 17:13:42 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/07/28 17:13:42 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2012/07/28 17:13:23 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/07/28 16:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/28 10:30:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
[2012/07/28 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{403CABCB-E0F2-426D-96D8-B1B3F3831002}
[2012/07/28 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7D39817E-8327-4896-9A6E-13ED48CEFEB3}
[2012/07/28 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{32D5344F-5F51-4B65-89CD-F5807556BE2A}
[2012/07/27 19:15:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/27 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{51478703-3743-475E-9959-9B2F66B377E2}
[2012/07/27 11:20:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AE50A433-B0F6-44AE-8D1D-79EAD088DC3A}
[2012/07/26 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0DF2DAF9-5048-40EB-A197-FCDF2FE9C1F2}
[2012/07/26 23:19:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C47D8431-6F46-4459-ADC7-38DEE630BB64}
[2012/07/26 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{721E4EEF-A17B-4FD9-8848-A5E8DB9A5869}
[2012/07/26 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2437EA5F-6CB0-428E-B284-4ABB6600D7D2}
[2012/07/25 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F131194-C97B-4F9D-8AFD-AC49EAA91E41}
[2012/07/25 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5B0388A6-8CFB-409E-8B89-7218A455805A}
[2012/07/25 11:14:39 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EFAB5FAB-8F09-40A7-94A2-76BFC83FE368}
[2012/07/25 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{76BF1D83-0F0C-4507-A504-7B9116829DF4}
[2012/07/24 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A3D14C27-DE79-4131-9ACF-78B854D286F8}
[2012/07/24 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{930481DC-1BCB-4D5E-B904-E28B2D9C83B7}
[2012/07/24 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DA2E512A-6DC0-4C26-AAD8-50B15793486C}
[2012/07/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CE1A6B5E-A837-47E3-83EF-1DFEF5234E84}
[2012/07/23 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{21322686-A50C-47A0-99E9-D5C15AEFD913}
[2012/07/23 23:12:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CF7039B7-7E6A-44D2-87EA-2344C65F2918}
[2012/07/23 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2D26B34A-4FC3-4B00-90B3-E0C96C1D529B}
[2012/07/23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0B90317-4A5C-42E3-AA64-61AFFBAE4527}
[2012/07/22 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{684D01E0-E71D-4542-8ACC-FB2797CEEE8C}
[2012/07/22 22:09:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F9F48ED-9C0B-445A-BC4E-3D46CEB9F523}
[2012/07/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2FE2B905-9B3A-45A1-84FA-D984A88A7881}
[2012/07/22 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{08BF2E8F-4B52-490C-B86F-595BA5EDA889}
[2012/07/21 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{38CE05A8-1433-4CD0-AD61-689F2787CEDF}
[2012/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{28BC298F-851A-4E3E-A4BE-5C8190BB3456}
[2012/07/20 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{47C95673-AB3F-416D-9B23-722845FD8D76}
[2012/07/20 23:18:10 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{40BAFCD4-EAF6-4FDE-8161-EFAF1A3C38DF}
[2012/07/20 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{56BC0AB0-68FE-468E-AB7A-4094B0D65A0C}
[2012/07/20 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{13DF71D6-A8E7-41C0-82EC-95AEEE52D71E}
[2012/07/19 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{68548B9F-17B8-443E-BDA3-A762C1875A45}
[2012/07/19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8D6C7403-5948-441C-9311-3114F8293E80}
[2012/07/19 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3E4924C-ADCF-4651-B813-D0A903CFF077}
[2012/07/19 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0C459B2-60F0-4FCF-BAFF-788AAFDCEB4E}
[2012/07/18 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{72BF9D41-9949-4AD8-BC4B-805CC0C4F832}
[2012/07/18 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81F98A7C-41CA-423F-94FA-B60AFA27B2AB}
[2012/07/18 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2012/07/18 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A22A02B3-98BF-443F-8254-3CC5C4559353}
[2012/07/18 10:11:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ED056EE7-B600-466D-99D7-9C9BD31AA555}
[2012/07/17 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7642C882-603F-4510-AEBF-426C0B136452}
[2012/07/17 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EAC6A4E6-6917-4680-8BFA-10839EB0AC46}
[2012/07/17 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C8CA0D4-49AC-4BFD-A7A8-617DE65566FC}
[2012/07/17 09:26:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{259F1395-1FBE-4F5C-85C7-F022180A45F7}
[2012/07/16 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6134F63C-BE42-40D0-AC1A-3BC530A66FB1}
[2012/07/16 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9F66C947-6006-4C52-B20C-38BF933C0D40}
[2012/07/16 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8569DF4C-6F4F-47C9-9460-FCCDE5298EDE}
[2012/07/16 09:25:06 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{80861E90-5528-43FC-8AFB-86C05FAAAFCF}
[2012/07/15 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{35448B10-DBC9-45CA-BE44-F6DE2DB769F3}
[2012/07/15 21:24:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B79B309D-2971-4464-AC15-609BAF61E54C}
[2012/07/15 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3619ADF9-B91D-4F07-BD4E-2A410D95EBD5}
[2012/07/15 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C22A4EE8-519A-4F7B-888E-20EF04FF30A0}
[2012/07/14 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B04078C1-F75D-437D-B934-AF37B3DA0599}
[2012/07/14 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0E59A09D-6273-4CF7-B51D-F0A8EB670B38}
[2012/07/14 01:24:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E784DEC2-0052-4809-B68A-7C9593F23490}
[2012/07/14 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B15BC22C-66F4-4A2B-AD51-1D319B0989E4}
[2012/07/13 13:24:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{799DABB7-D191-46DB-A532-25CAF1A42142}
[2012/07/13 13:23:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A0DE03D8-060F-4EA8-B58D-1596462BA090}
[2012/07/13 01:23:17 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{208F7C2B-EE9F-4075-9FF2-02C9D4997FDE}
[2012/07/13 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F6C5B564-6529-49BA-98A5-C77309CC8641}
[2012/07/12 13:22:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C3D8106A-398A-4848-86B4-B795143DA3A8}
[2012/07/12 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{88AA7A01-CC27-4172-A548-F93304186977}
[2012/07/12 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C5D8F0BD-41EA-4EC5-B3A6-FCF9C171C213}
[2012/07/12 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3D28E87-D58B-4BDF-BB59-5A032EF1711D}
[2012/07/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5FDC5B3B-6B2E-4551-B72E-5DA91ADB0EDC}
[2012/07/11 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9B4ED76B-B9FC-4989-A4D2-9201F78593C0}
[2012/07/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D02D9EE6-0FBA-4D28-8BB4-CEA2E7389473}
[2012/07/10 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C9912BB3-966A-47EE-B46E-EE4C320C84F2}
[2012/07/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3E5C3BD-EED1-433A-87C0-517999784B49}
[2012/07/10 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5C0DD0A7-8214-4E98-BC4E-05DCBC8D1641}
[2012/07/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0736BD0E-3609-483F-99D8-5B58909B7861}
[2012/07/09 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{97A6B70A-19CE-4CFF-A9E2-A86E62F76C7F}
[2012/07/08 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{1ADB49BC-9B88-4697-BDFF-01AB7BA35740}
[2012/07/08 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4F7C4F9A-03B6-439C-9E9C-AF059EA7BCFA}
[2012/07/08 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F5B08DA2-8E60-4AD7-B885-157484943E57}
[2012/07/08 11:37:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{33B3476D-75FB-4A65-9B04-E04859E2C98A}
[2012/07/07 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{50193F45-4B9A-43E7-AA7C-302D2C4C6677}
[2012/07/07 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81373DF9-F447-4478-B31E-1062D70E46F6}
[2012/07/07 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{70C9D3EB-4990-4A6A-B27A-9F6B87AEAD3B}
[2012/07/07 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{803F15CC-8E9C-4E0A-AE65-71FA5020D532}
[2012/07/06 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2829D2CD-989A-41AD-8929-511F3B7994A3}
[2012/07/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3A5B812-0BCA-41C7-8691-F3162D0973E6}
[2012/07/06 10:25:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{805430EA-26C9-4589-A9E0-ED40B30096E2}
[2012/07/06 10:25:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E7E7CAB7-8153-4D53-AD0A-15F0E89C067B}
[2012/07/05 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDABB8CC-709D-4EFD-B4F8-90991B007279}
[2012/07/05 18:24:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8E8BDCDD-4CEB-49B4-9262-A34D4667D6DA}
[2012/07/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{736FB5C3-E222-49CF-B1F7-A1C9571E54E2}
[2012/07/04 01:01:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{FA6B7823-FBB1-4015-83A4-93AA88A35CC2}
[2012/07/03 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDB95FF0-1A20-452D-9B35-0AD42F4EA70D}
[2012/07/03 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{15D8C447-842B-458B-BCED-3BE800E444B2}
[2012/07/03 00:02:30 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{44E35712-9367-4FC9-9DD4-68107E88E780}
[2012/07/03 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B3D5F3E1-3A35-4A27-ADD7-2F6A35923344}
[2012/07/02 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8DAED965-14E6-4E95-A545-6F8635B9746C}
[2012/07/02 12:01:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{BD76DDF7-C30C-48CD-B628-80BACA525A59}
[2012/07/02 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C7E3A918-0DDF-4A34-B093-F242C0EE0B50}
[2012/07/02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D3845F0A-A0BB-4C1A-B7BB-8CA4973F59C9}
[2012/07/01 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C95136A-DE3D-46D4-A1FB-ED8E3C12293E}
[2012/07/01 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0ED5AA7B-E5E5-4FB7-BB32-BD6D36E71ADA}
[2012/06/30 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{01A9D32C-46B9-4A12-BD16-7C9118E14560}
[2012/06/30 23:06:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9A1A0072-EDD6-41AC-B71A-3B614CE5662C}
[2012/06/30 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EC6980FE-2A6A-43A4-9AD5-378BD8B131C8}
[2012/06/30 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ABA68842-063A-4AF8-9193-2BD47E86F4DF}
[2012/06/29 22:00:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{527BF8AF-17A9-42B7-8205-1787DCDDCE84}
[2012/06/29 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AEF547DD-149C-4460-89CD-A412C7F3E5FF}
[2009/06/01 00:29:56 | 000,210,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Blaine\uninstall_flash_player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 20:57:04 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
[2012/07/29 20:50:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 20:50:25 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 20:50:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 20:50:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 20:50:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 18:13:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 18:13:05 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 16:12:14 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/29 08:23:38 | 000,220,672 | ---- | M] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/29 08:14:24 | 000,621,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/29 08:14:22 | 000,114,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/29 03:38:57 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job
[2012/07/28 10:30:46 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.exe
[2012/07/28 01:27:47 | 000,360,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 19:35:37 | 000,183,538 | ---- | M] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/11 19:40:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 00:36:54 | 000,596,323 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY TEACHING.pdf
[2012/07/03 00:36:28 | 000,390,953 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY BUSINESS.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 14:52:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 14:52:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 14:52:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 14:52:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 14:52:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/28 20:57:43 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
[2012/07/28 20:57:40 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job
[2012/07/28 09:05:30 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 19:35:29 | 000,183,538 | ---- | C] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 16:41:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape50.bin
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape40.bin
[2012/02/09 21:59:35 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin
[2011/11/16 04:48:14 | 000,000,680 | ---- | C] () -- C:\Users\Blaine\AppData\Local\d3d9caps.dat
[2011/08/08 10:58:14 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2011/05/19 13:39:31 | 000,001,940 | ---- | C] () -- C:\Users\Blaine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/24 22:15:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 06:53:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Unl.exe
[2009/03/09 22:29:21 | 000,220,672 | ---- | C] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/05 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Amazon
[2011/11/26 03:52:08 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\BitZipper
[2010/08/08 03:28:01 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Chinatelecom
[2009/03/08 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Datalayer
[2011/12/15 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Digiarty
[2009/09/16 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\DriverCure
[2011/11/03 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\FileOpen
[2011/04/01 13:28:34 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\GetRightToGo
[2010/10/21 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Moyea
[2009/05/09 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\myphotobook
[2009/03/10 23:57:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Nokia
[2011/09/04 04:50:49 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Panasonic
[2009/03/10 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\PC Suite
[2011/09/27 14:04:39 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\SmartDraw
[2012/07/27 19:30:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Tencent
[2010/08/08 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER
[2010/08/08 02:38:41 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEEVDO
[2012/07/29 18:11:41 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/29 20:57:04 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
[2012/07/29 03:38:57 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


---

Is it gone or still here?
  • 0
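The lines in the OTL log above that explain the remaining symptoms are the O6 policy entry (EnableLUA = 0, which is the registry value that switches UAC off), the second O20 Winlogon UserInit entry that still names the deleted tdroxoid.exe, and the O4 Run entry for the same missing file. The Python script below is an added example, not part of this thread and not code from the OTL tool; it parses OTL-format lines (the sample is a constructed subset copied from the posted log) and flags exactly those three conditions so a helper can see at a glance what still needs cleaning up after the file itself is gone.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Flags three conditions that matter after a removal attempt:
  * O6  EnableLUA = 0            -> UAC disabled by policy, toggle in the UI will fail
  * O20 Winlogon UserInit entry  -> anything other than the stock userinit.exe
  * O4  Run entry "File not found" -> orphaned autorun pointing at a deleted file
"""
import re

# Constructed sample: a subset of the OTL lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - File not found
"""

# The only UserInit value a stock Vista/7 install should carry.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

_USERINIT_RE = re.compile(r"UserInit - \((.*?)\)")
_RUN_MISSING_RE = re.compile(r"\[(.*?)\] (.*) File not found$")
_LUA_OFF_RE = re.compile(r"EnableLUA\s*=\s*0\b")


def parse_otl_lines(text):
    """Return a list of (kind, detail) findings, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O6 -") and _LUA_OFF_RE.search(line):
            # UAC is off because of the policy value, not a user setting.
            findings.append(("uac_disabled", line))
        elif line.startswith("O20 -") and "UserInit" in line:
            m = _USERINIT_RE.search(line)
            path = m.group(1) if m else ""
            if path.lower() != EXPECTED_USERINIT:
                # Extra UserInit entries run at every logon; a missing file
                # here still breaks logon cleanup and shows the key was altered.
                findings.append(("userinit_hijack", path))
        elif line.startswith("O4 -") and line.endswith("File not found"):
            m = _RUN_MISSING_RE.search(line)
            if m:
                findings.append(("orphaned_run_entry", m.group(2)))
    return findings


def remediation_hints(findings):
    """Map each finding kind to the registry location a helper would clean.

    These are the standard locations the OTL lines themselves refer to, not
    an automated fix: the script only reports, it never writes to the registry.
    """
    hints = {
        "uac_disabled": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System : set EnableLUA to 1 and reboot",
        "userinit_hijack": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : Userinit should be only C:\Windows\system32\userinit.exe,",
        "orphaned_run_entry": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run : delete the value that points at the missing file",
    }
    return {kind: hints[kind] for kind, _ in findings if kind in hints}


if __name__ == "__main__":
    for kind, detail in parse_otl_lines(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
    for kind, hint in remediation_hints(parse_otl_lines(SAMPLE_LOG)).items():
        print(f"fix {kind}: {hint}")
```

The script only reports; it never touches the registry, so it can be run against any saved OTL log by replacing SAMPLE_LOG with the file contents. The stock Windows Defender Run entry and the stock userinit.exe entry are correctly left alone, which is the point of comparing against the expected value rather than flagging every O20 line.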

#23
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Something is keeping us from deleting the registry entries, though we managed to delete the files. Can you try Combofix again?
You might have better luck with Combofix in Safe Mode with Networking.
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't work then try:

Start, Run, cmd, OK and type with an enter after the line:

"%userprofile%\Desktop\combofix.exe" /killall

(Make sure you put a space before the /killall)

If you can't get Combofix to work then try ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#24
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Combofix:

ComboFix 12-07-29.02 - Blaine 29/07/2012 23:41:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.805 [GMT 1:00]
Running from: c:\users\Blaine\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe
c:\users\Blaine\AppData\Local\ujehqnda.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 22:49 . 2012-07-29 22:52 -------- d-----w- c:\users\Blaine\AppData\Local\temp
2012-07-29 22:49 . 2012-07-29 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 22:25 . 2012-07-28 22:26 -------- d-----w- c:\programdata\MFAData
2012-07-28 22:25 . 2012-07-28 22:25 -------- d--h--w- c:\programdata\Common Files
2012-07-28 19:57 . 2012-07-28 19:57 -------- d-----w- c:\users\Blaine\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 19:57 . 2012-07-28 19:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-28 19:57 . 2012-07-28 19:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-28 16:13 . 2012-05-25 12:14 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-07-28 16:13 . 2012-05-25 12:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-07-28 16:13 . 2012-07-28 19:19 -------- d-----w- C:\VIPRERESCUE
2012-07-28 15:52 . 2012-07-28 15:52 -------- d-----w- C:\_OTL
2012-07-27 18:15 . 2012-07-27 18:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-18 11:06 . 2012-07-18 11:21 -------- d-----w- c:\program files\RAR Password Unlocker
2012-07-10 22:48 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:35 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 22:35 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:35 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:35 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 22:35 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 22:35 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:28 . 2012-04-04 05:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 22:28 . 2011-06-12 11:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2012-07-27 09:28 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19C0EF17-D582-4BF3-A497-5A44063F8CFD}\mpengine.dll
2012-06-05 22:11 . 2012-06-05 22:11 61440 ----a-r- c:\users\Blaine\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-06-05 22:11 . 2012-06-05 22:11 61440 ----a-r- c:\users\Blaine\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-06-05 22:11 . 2012-06-05 22:11 106496 ----a-r- c:\users\Blaine\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-06-05 22:11 . 2012-06-05 22:11 106496 ----a-r- c:\users\Blaine\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-06-05 22:11 . 2010-03-22 11:35 106496 ----a-r- c:\users\Blaine\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-06-02 22:19 . 2012-06-22 08:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 08:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 08:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 08:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 08:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-22 08:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2012-06-13 06:32 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:03 . 2012-06-13 06:44 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 11:49 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-09-14 16:56 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileOpenBroker]
2011-10-21 15:08 724352 ----a-w- c:\program files\FileOpen\Services\FileOpenBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 13:05 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 22:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 13:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 13:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-24 10:06 509816 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-10-20 14:18 339968 ----a-w- c:\windows\vsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-07 16:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 09:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:28]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 21:14]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 21:14]
.
2012-07-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task bd205a50-8c4b-42bd-810f-54151a464ce9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c2976353-e0a7-4b00-a0dd-7b4004425363.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boxofficemojo.com/
mStart Page = hxxp://search.myheritage.com
TCP: DhcpNameServer = 192.168.1.254
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4F1C433-F9C3-49F2-8645-37DBECA19E90} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-TdrOxoid - c:\users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TdrOxoid - c:\users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 23:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\users\Blaine\AppData\roaming\ZTEDRIVER\release\MonServiceUDisk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-30 00:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 23:02
.
Pre-Run: 7,560,355,840 bytes free
Post-Run: 7,420,153,856 bytes free
.
- - End Of File - - BDCE2FFC2D1ABFAA0F8830E937A09734
  • 0

#25
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I clicked on the shortcut on my desktop for IE and it said that it could not open because iexplore was on the list of registry files set for deletion.

To me that doesn't make sense, but you may know what it means. Also, when it rebooted after Combofix did its thing, there was a new icon on my desktop called The Internet. I clicked it, but nothing happens. Just thought you should know. Weird behaviour.
  • 0


#26
blaineholloway

blaineholloway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
BitDefender QuickScan report:


QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Mon Jul 30 00:13:13 2012
Machine ID: 888A013B



No infection found.
-------------------



Processes
---------
Windows® Internet Explorer 532 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3772 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 5188 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Search 5016 C:\Windows\System32\SearchFilterHost.exe


Network activity
----------------



Autoruns and critical files
---------------------------
Adobe® Flash® Player Update Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
CD/DVD Drive Acoustic Silencer C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
SuperAntiSpyware c:\program files\superantispyware\sasseh.dll
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SASTask.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
TOSHIBA Online Product Information C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
Toshiba TEMPRO C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
Toshiba Vista Registration Component C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
Installer Control C:\Windows\Downloaded Program Files\InstallerControl.dll
InstallShield C:\Windows\Downloaded Program Files\isetup.dll
InstallShield C:\Windows\Downloaded Program Files\isetup.EXE
Java™ Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 c:\program files\java\jre6\bin\ssv.dll
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Motive Plugin C:\Program Files\Common Files\Motive\npMotive.dll
Norton Confidential C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
Norton Confidential C:\Users\Blaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
NPTXSSO Dynamic Link Library C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll
Oberon com adapter C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
QQ2011 C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Symantec Intrusion Detection C:\Program Files\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
Windows Live™ Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\IEFRAME.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\system32\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\system32\Dxtrans.dll
MD5: 8ce364388c8eca59b14b539179276d44 C:\Windows\system32\FntCache.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\system32\ieapfltr.dll
MD5: 8dcdd0b5939043a1ec98c6f168a56b16 C:\Windows\system32\IEFRAME.dll
MD5: c516284de6db833e77cc0e5217cdc6aa C:\Windows\system32\iertutil.dll
MD5: effc2edd5e7bf93d312a2899f06b48ea C:\Windows\system32\IEUI.dll
MD5: 9e816aeedb04745c3f3d74dde90bd79a C:\Windows\system32\igfxdev.dll
MD5: eb49faa5ebbc06356fb12476438781b9 C:\Windows\system32\imagehlp.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: 53cecc958db8f5e8188b1e80042588db C:\Windows\System32\jscript9.dll
MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll
MD5: 35d40113e4a5b961b6ce5c5857702518 C:\Windows\System32\lmhsvc.dll
MD5: a3e186b4b935905b829219502557314e C:\Windows\system32\lsass.exe
MD5: c1ac05bbf42adf50cd9f2a8710dc6ad0 C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_268.ocx
MD5: 6c40d5ed8951ab7b90d08af655224ee4 C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 6820a9e91aff7cb3a510360d8ccd9bdd C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\system32\msvcrt.dll
MD5: 6abd253226770eae1292b4c945ed4b4b C:\Windows\System32\msxml3.dll
MD5: 024528e25bbe8768536861ea09be1672 C:\Windows\System32\msxml6.dll
MD5: 188cc19108b0ebd6332d6628d4ede469 C:\Windows\system32\ncrypt.dll
MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd C:\Windows\system32\nsisvc.dll
MD5: dda770bbd7c2ed024d6f50e279d90e5b C:\Windows\system32\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll
MD5: 50e3e76b0901bb4fc029bb88bfa5ce79 C:\Windows\system32\schannel.dll
MD5: 1a58069db21d05eb2ab58ee5753ebe8d C:\Windows\system32\schedsvc.dll
MD5: d602fedbd9155fc2ded6863fb60c950f C:\Windows\system32\Secur32.dll
MD5: aaf101900a23d75ae1ae00840fa6f3b8 C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe
MD5: 1bf5eebfd518dd7298434d8c862f825d C:\Windows\System32\srvsvc.dll
MD5: c5ac715b65b01788abc22d10749dddd8 C:\Windows\system32\TODDSrv.exe
MD5: 1408cf9b0dd2aaa80d8e7087c8a2e3bc C:\Windows\system32\urlmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll
MD5: 8e87270c4704cf2951e1e7820d6c8a2b C:\Windows\system32\WININET.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: e253e5da1249a471d913f7ea4c81faf6 C:\Windows\system32\WINTRUST.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: fc3ec24fce372c89423e015a2ac1a31e C:\Windows\system32\wuaueng.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\xmllite.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: 76eaef4ddebbc7c38853f586c0e91dce C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 0.71 KB recvd
Scanned 579 files and modules - 30 seconds

==============================================================================

#27
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
If you haven't already, please reboot. That should take care of the error message about registry files set for deletion.

Combofix claims it removed our evil friend so let's run OTL, Quickscan and copy and paste the log so I can see if it has stayed away.

#28
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
OTL has miraculously disappeared.

I will have to download it again I guess.

#29
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
Sigh.

Now it won't let me download again.

#30
blaineholloway

    Member

  • Topic Starter
  • Member
  • 25 posts
My Norton said that OTL.exe is not safe and has been removed.

What is going on? It was fine yesterday.