Thanks for the reply. To be honest, I thought this topic was forgotten, but I can understand about an infulx of search topics.
The current problem is that whenever I perform a google search on Google.com, through my personal favorite browser of Firefox 3.6.23, All my search result links redirect me to get-answers-fast.com/(google search topic). In order to view pages, I have to copy and paste the direct link of the link in order to see even if the page is relevant to my search topic.
I have tried running: MBAM Quick, Full, and Flash scans, AVG Full and Rootkit scans, Kaspersky Virus Removal Tool v11, MicroWorld Anti-Virus Toolkit 11, Spybot-S&S, SUPER Antimalware, TDSS Anti-Rootkit scanner
Along that, I have checked my HOSTS file in drivers/etc to ensure it was clean, Checked Internet Options via Control Panel, Checked Firefox settings via about:config, and checked my Network options via my Wireless card settings in the Network/Sharing center.
My Operating system is a 64bit, so GMER had limited options, and a GMER scan as shown in the thread you linked on how to do was is impossible, as Service, Registry, and Files were the only options not grayed out.
OTL
OTL logfile created on: 10/17/2011 3:02:32 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zach\New folder
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.34% Memory free
5.73 Gb Paging File | 3.50 Gb Available in Paging File | 61.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.32 Gb Total Space | 205.45 Gb Free Space | 73.82% Space Free | Partition Type: NTFS
Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/17 10:05:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\New folder\OTL.exe
PRC - [2011/10/13 21:06:39 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/10 09:32:14 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 04:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2008/09/06 08:15:56 | 000,399,360 | ---- | M] (RJL Software, Inc.) -- C:\Users\Zach\Pictures\changepaper\changepaper.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/13 21:06:39 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/10/13 21:06:38 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/10/13 21:06:38 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/10/13 21:06:38 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/10/13 21:06:38 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/28 19:43:14 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/09/07 09:22:40 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2010/02/24 04:54:46 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\PGTimeFilter.dll
========== Win32 Services (SafeList) ==========
SRV:
64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:
64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:
64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:
64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:
64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/13 21:06:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2011/10/05 17:19:20 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\18895940.sys -- (18895940)
DRV:
64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:
64bit: - [2011/07/18 16:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (rtl8192Ce)
DRV:
64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:
64bit: - [2011/04/04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:
64bit: - [2011/03/16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/03/01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:
64bit: - [2011/02/22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:
64bit: - [2011/02/10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:
64bit: - [2011/01/07 05:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:
64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:
64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:
64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:
64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:
64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:
64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:
64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:
64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:
64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:
64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:
64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:
64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:
64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:
64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:
64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:
64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:
64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:
64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:
64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:
64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:
64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:
64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/05 15:15:36 | 000,003,189 | R--- | M] (MicroWorld Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\vreadmem.sys -- (VReadMemDriver)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 80 55 04 9B F1 9B 4E 99 68 1F CA 82 A5 88 08 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 80 55 04 9B F1 9B 4E 99 68 1F CA 82 A5 88 08 [binary data]
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://start.toshiba.com/g/
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 80 55 04 9B F1 9B 4E 99 68 1F CA 82 A5 88 08 [binary data]
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.4
FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:2.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {8df9cf13-1fc0-49ed-994f-e634cfe53a42}:1.0
FF - prefs.js..extensions.enabledItems: {8f421401-fb85-4bdd-b1d7-934a7e2355c8}:1.0
FF - prefs.js..network.proxy.type: 0
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Zach\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/09/14 13:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/28 19:43:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/28 19:43:16 | 000,000,000 | ---D | M]
[2011/06/13 21:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
[2011/10/16 21:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions
[2011/07/20 23:07:31 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions\{8df9cf13-1fc0-49ed-994f-e634cfe53a42}
[2011/08/21 15:45:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions\{8f421401-fb85-4bdd-b1d7-934a7e2355c8}
[2011/07/09 01:46:44 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/09/28 18:13:51 | 000,000,000 | ---D | M] ("BetterCache") -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions\{f8454bbe-519f-4004-85c1-12d1b31988fc}
[2011/07/09 01:46:43 | 000,000,000 | ---D | M] ("FireNes") -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\v1aavc7m.default\extensions\firenes@facundo.zaldo
[2011/10/16 21:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/14 13:06:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
========== Chrome ==========
O1 HOSTS File: ([2011/07/24 23:14:17 | 000,000,793 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:
64bit: - HKLM..\Run: [] File not found
O4:
64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:
64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3496865566-1107086353-937524946-1000..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk = C:\Users\Zach\Pictures\changepaper\changepaper.exe (RJL Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:
64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F}
http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B79178-1494-44B9-BA94-DD889C4B1FDA}: DhcpNameServer = 172.31.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41262326-251F-4584-ADA1-D05429F554C0}: DhcpNameServer = 192.168.200.1 192.168.200.1
O18:
64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b3281548-9883-11e0-a69d-60eb6980a429}\Shell - "" = AutoRun
O33 - MountPoints2\{b3281548-9883-11e0-a69d-60eb6980a429}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig:64bit - StartUpReg:
00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
HSON - hkey= - key= - C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg:
SmoothView - hkey= - key= - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg:
Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg:
Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
TosVolRegulator - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
TosWaitSrv - hkey= - key= - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/10/14 20:57:54 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Unity
[2011/10/14 20:56:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2011/10/14 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2011/10/14 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2011/10/12 14:35:20 | 000,000,000 | ---D | C] -- C:\Users\Zach\Desktop\New folder
[2011/10/11 20:14:18 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\SPORE Creature Creator
[2011/10/11 20:14:18 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\My Spore Creations
[2011/10/11 20:13:56 | 000,000,000 | RH-D | C] -- C:\Users\Zach\AppData\Roaming\SecuROM
[2011/10/11 11:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/10/10 07:32:56 | 000,000,000 | R--D | C] -- C:\Users\Zach\Favorites
[2011/10/10 00:01:10 | 000,000,000 | R--D | C] -- C:\Users\Zach\Searches
[2011/10/09 22:41:36 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\School-Work
[2011/10/09 22:41:28 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Personal
[2011/10/09 21:57:06 | 000,000,000 | ---D | C] -- C:\Users\Zach\My Programs
[2011/10/08 18:42:06 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\.minecraft
[2011/10/08 13:40:44 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\18895940.sys
[2011/10/05 18:26:47 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2011/10/05 15:38:24 | 000,000,000 | ---D | C] -- C:\windows\rundll16.exe
[2011/10/05 15:38:24 | 000,000,000 | ---D | C] -- C:\windows\logo1_.exe
[2011/10/05 15:15:36 | 000,003,189 | R--- | C] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\drivers\vreadmem.sys
[2011/10/05 15:07:22 | 000,000,000 | ---D | C] -- C:\windows\VDLL.DLL
[2011/10/05 15:07:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\runouce.exe
[2011/10/05 15:07:22 | 000,000,000 | ---D | C] -- C:\windows\RUNDL132.EXE
[2011/10/05 15:07:22 | 000,000,000 | ---D | C] -- C:\windows\logo_1.exe
[2011/10/05 15:03:55 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe
[2011/10/05 15:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011/10/05 15:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011/10/05 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/28 18:57:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
========== Files - Modified Within 30 Days ==========
[2011/10/17 15:00:12 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/17 15:00:12 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/17 15:00:12 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/17 14:56:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/17 10:09:01 | 000,000,000 | ---- | M] () -- C:\Users\Zach\defogger_reenable
[2011/10/17 07:18:38 | 135,066,656 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/10/16 22:16:02 | 000,311,644 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/14 20:56:03 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/10/14 09:48:18 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/10/12 14:15:17 | 000,662,551 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2011/10/12 13:16:50 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 13:16:50 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 07:32:28 | 000,015,832 | ---- | M] () -- C:\windows\SysNative\results.xml
[2011/10/10 07:31:40 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 10:31:23 | 031,605,152 | ---- | M] () -- C:\Users\Zach\Documents\tc70095000a.exe
[2011/10/08 20:38:46 | 001,995,166 | ---- | M] () -- C:\Users\Zach\Documents\minecraft.jar
[2011/10/08 19:09:00 | 000,270,142 | ---- | M] () -- C:\Users\Zach\Documents\Minecraft.exe
[2011/10/05 18:26:47 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2011/10/05 17:47:56 | 000,179,506 | ---- | M] () -- C:\Users\Zach\Documents\pinfect.zip
[2011/10/05 17:19:20 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\18895940.sys
[2011/10/05 15:15:36 | 000,003,189 | R--- | M] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\drivers\vreadmem.sys
[2011/10/05 15:15:25 | 000,000,056 | ---- | M] () -- C:\windows\Lic.xxx
[2011/10/05 15:03:54 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe
[2011/10/05 15:03:43 | 000,001,022 | ---- | M] () -- C:\Users\Zach\Desktop\MWAVSCAN.lnk
[2011/09/18 10:55:58 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
========== Files Created - No Company Name ==========
[2011/10/17 10:09:01 | 000,000,000 | ---- | C] () -- C:\Users\Zach\defogger_reenable
[2011/10/14 20:56:03 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2011/10/09 00:59:16 | 031,605,152 | ---- | C] () -- C:\Users\Zach\Documents\tc70095000a.exe
[2011/10/08 20:38:46 | 001,995,166 | ---- | C] () -- C:\Users\Zach\Documents\minecraft.jar
[2011/10/08 19:08:43 | 000,270,142 | ---- | C] () -- C:\Users\Zach\Documents\Minecraft.exe
[2011/10/05 17:47:57 | 000,179,506 | ---- | C] () -- C:\Users\Zach\Documents\pinfect.zip
[2011/10/05 15:04:47 | 000,000,056 | ---- | C] () -- C:\windows\Lic.xxx
[2011/10/05 15:03:43 | 000,001,022 | ---- | C] () -- C:\Users\Zach\Desktop\MWAVSCAN.lnk
[2011/09/19 11:57:11 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/09/07 13:48:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/08/08 19:46:27 | 000,000,338 | ---- | C] () -- C:\windows\WPE PRO.INI
[2011/06/21 11:51:52 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/17 16:34:49 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2011/06/14 08:12:47 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/10/16 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\.minecraft
[2011/10/03 13:57:09 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Audacity
[2011/06/13 22:47:04 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\AVG10
[2011/10/10 07:30:07 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\SoftGrid Client
[2011/10/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\SPORE Creature Creator
[2011/06/27 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\SystemRequirementsLab
[2011/06/13 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Toshiba
[2011/06/14 08:13:54 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\TP
[2011/06/13 20:23:19 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\WinBatch
[2011/08/02 13:18:49 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Wireshark
[2009/07/14 01:08:49 | 000,010,896 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/14 23:45:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/10/10 07:31:40 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 07:31:40 | 3076,374,528 | -HS- | M] () -- C:\pagefile.sys
[2011/07/28 13:23:43 | 000,066,546 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_28.07.2011_14.21.31_log.txt
[2011/08/09 21:06:04 | 000,066,782 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_09.08.2011_20.55.08_log.txt
[2011/09/28 20:24:57 | 000,157,370 | ---- | M] () -- C:\TDSSKiller.2.6.2.0_28.09.2011_18.48.57_log.txt
[2011/10/05 15:27:35 | 000,000,023 | ---- | M] () -- C:\test.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.sys /90 >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/09/28 19:43:15 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/09/28 19:43:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< End of report >
OTL Extra
OTL Extras logfile created on: 10/17/2011 10:09:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zach\New folder
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 49.87% Memory free
5.73 Gb Paging File | 3.47 Gb Available in Paging File | 60.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.32 Gb Total Space | 205.93 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{17118574-A5FD-4323-B005-311326F748B3}" = AVG 2011
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{73CFA17E-F544-431F-A013-AD59C549F86C}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Blender" = Blender
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Creature Creator
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Steam App 440" = Team Fortress 2
"Steam App 57940" = Duke Nukem Forever Demo
"TOSHIBA Game Console" = WildTangent ORB Game Console
"Unity" = Unity
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.1
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT089366" = Cake Mania - Lights, Camera, Action!™
"WT089368" = FATE - The Traitor Soul
"WT089379" = Mystery P.I. - The London Caper
"WT089381" = Slingo Supreme
"WT089386" = Governor of Poker 2 Premium Edition
"WT089395" = Plants vs. Zombies - Game of the Year
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3496865566-1107086353-937524946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Yume Nikki 0.10 English v3" = Yume Nikki 0.10 English v3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/25/2011 11:26:38 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6e01e649 Faulting
process id: 0x17e8 Faulting application start time: 0x01cc63993326650a Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 34d72da2-cf93-11e0-83dd-60eb6980a429
Error - 8/29/2011 4:11:29 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6dfae649 Faulting
process id: 0x8bc Faulting application start time: 0x01cc6677196abd8f Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 14778017-d27b-11e0-83dd-60eb6980a429
Error - 8/30/2011 7:34:08 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6dcae649 Faulting
process id: 0xb48 Faulting application start time: 0x01cc67656bd3ca2e Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 8e51f0b5-d360-11e0-83dd-60eb6980a429
Error - 8/31/2011 11:05:02 PM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6ddfe649 Faulting
process id: 0x1594 Faulting application start time: 0x01cc684c6987a991 Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 2e90a595-d447-11e0-83dd-60eb6980a429
Error - 9/2/2011 7:46:03 AM | Computer Name = Zach-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 9/2/2011 11:56:31 AM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6e1ee649 Faulting
process id: 0x1874 Faulting application start time: 0x01cc6980366a9607 Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 1f8ad01f-d57c-11e0-83dd-60eb6980a429
Error - 9/2/2011 9:11:46 PM | Computer Name = Zach-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 9/3/2011 4:47:10 AM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x6ce1e649 Faulting
process id: 0x1110 Faulting application start time: 0x01cc6a146e797293 Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 4f2dcfd2-d609-11e0-a64f-60eb6980a429
Error - 9/4/2011 4:52:35 PM | Computer Name = Zach-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 9/5/2011 3:22:37 AM | Computer Name = Zach-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x705fe649 Faulting
process id: 0x1714 Faulting application start time: 0x01cc6b97101e8e30 Faulting application
path: c:\program files (x86)\steam\steamapps\mobius_121\team fortress 2\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: d47f6daa-d78f-11e0-a64f-60eb6980a429
[ System Events ]
Error - 9/30/2011 4:06:30 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 9/30/2011 4:06:31 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 9/30/2011 4:06:31 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 9/30/2011 4:06:32 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 10/3/2011 1:58:52 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR5.
Error - 10/3/2011 1:58:55 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR5.
Error - 10/3/2011 1:58:55 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR5.
Error - 10/3/2011 1:58:56 PM | Computer Name = Zach-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR5.
Error - 10/4/2011 7:27:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.
Error - 10/4/2011 7:27:17 AM | Computer Name = Zach-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
< End of report >
What little GMER found
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2011-10-17 15:29:25
Windows 6.1.7601 Service Pack 1
Running: edi3no20.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???o?????}??? ??????????????????? ???????;???????????.?;????????????&????????????????????5???????????E???5???????????????"????????????????????????????????????????????????????ge??????????????????????????et M????????????????????x??A???-??????wpdfs.inf???? ??????????????????? ???????,?????:?????&?-?????????????????????6???????????5?????sBE???????????-??s0???:???2?2?2?:ve??? ???????,?????;?????;?-??????????C? ???????D0???????????_??????7C??? ???????:?????:???????0?????????????????????????????????????:?????:????.NT??????:??? ???????:???????????9?0?????????????????????????;???2??76?????;?????????????:??? ???????:?????:???????0????????????????????? ???????:???????????:?0????????????????????6.1.7601.17586???????;??? ???;??????????n????????????:??????????????????????????si???????????r???????????????????I???????????:?:?:?:?:?:?:?:?:?:ms??? ???????:????????????????L?????????????????????? ???????:???????????:??????????????&???????????????????????????????????? ???????:???????????:??????????????&??????????????????????????
---- EOF - GMER 1.0.15 ----
This post has been edited by etavares: 18 October 2011 - 05:09 AM
Reason for edit: remove code tags
Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
Attach.txt (4.59K)
Back to top
icon on your desktop.
button.
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
icon to start the program.
button.
