Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

consrv.dll problem


  • This topic is locked This topic is locked
32 replies to this topic

#1 PoorYorick

PoorYorick

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 23 January 2012 - 08:20 PM

I'm hoping someone can help me with what seems like a consrv.dll infection. It looks like this problem has been resolved for other people here. Let me begin by telling you what I've done so far; I was a bad boy and already ran Combofix earlier today, naively treating it like just another malware remover (I did not know that was a major no no until I saw this site). It quarantined a few files, and I haven't touched them in any way. Norton and Malwarebytes also detected and removed a few trojans and other files created by this Zeroaccess B thing, all that's left is the consrv.dll file which Norton says needs to be manually removed.

But my computer has been running quite smoothly after Combofix, the only problems I had were frequent BSOD's about every fifteen minutes (before I ran Combofix today), but I never had booting problems or pop-ups. So I guess the consrv.dll is all that's left. Thank you so much in advance for helping me with this.

Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Michael at 19:24:19 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1594 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\dlcxcoms.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80470&lng=en
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA"&"inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA"&"prod=92"&"ver=9.0.872
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO-X64: Softonic-Eng7 - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA"&"inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA"&"prod=92"&"ver=9.0.872
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw=
FF - prefs.js: network.proxy.ftp - 109.123.70.47
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 109.123.70.47
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 109.123.70.47
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 109.123.70.47
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npkanevapatch.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\windows\system32\drivers\FixTDSS.sys --> C:\windows\system32\drivers\FixTDSS.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSviA64.sys [2012-1-20 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 dlcx_device;dlcx_device;C:\windows\system32\dlcxcoms.exe -service --> C:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-6 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-22 135664]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-1-12 131912]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-22 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 12288]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-20 51512]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-01-23 22:37:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-23 21:19:14 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-01-23 21:19:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-23 19:06:22 -------- d-----w- C:\Users\Michael\AppData\Local\NPE
2012-01-23 18:14:49 98816 ----a-w- C:\windows\sed.exe
2012-01-23 18:14:49 518144 ----a-w- C:\windows\SWREG.exe
2012-01-23 18:14:49 256000 ----a-w- C:\windows\PEV.exe
2012-01-23 18:14:49 208896 ----a-w- C:\windows\MBR.exe
2012-01-23 02:53:18 -------- d-----w- C:\Users\Michael\AppData\Roaming\3AD6C
2012-01-23 02:48:12 -------- d-----w- C:\Users\Michael\AppData\Local\Symantec
2012-01-23 02:46:29 27256 ----a-w- C:\windows\System32\drivers\FixTDSS.sys
2012-01-23 02:46:29 -------- d-----w- C:\Users\Michael\AppData\Roaming\FixTDSS
2012-01-21 17:54:17 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-01-21 02:54:48 -------- d-----w- C:\Users\Michael\rupert.brady
2012-01-18 01:08:39 -------- d-----w- C:\Program Files (x86)\Atari
2012-01-12 20:06:10 -------- d-----w- C:\Users\Michael\AppData\Local\Desura
2012-01-12 19:59:03 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-01-12 19:48:33 -------- d-----w- C:\ProgramData\Desura
2012-01-12 19:48:09 -------- d-----w- C:\Program Files (x86)\Desura
2012-01-11 16:56:50 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 16:56:50 1328640 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 16:56:49 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 16:56:49 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 16:56:45 1739160 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 16:56:44 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 16:56:39 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 16:56:39 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-07 21:16:22 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-01-04 16:11:30 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-01-04 16:10:52 -------- d-----w- C:\windows\PCHEALTH
2012-01-04 16:10:52 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-01-04 16:08:48 -------- d-----w- C:\Users\Michael\AppData\Local\Microsoft Help
2011-12-31 03:26:17 -------- d-----w- C:\Users\Michael\AppData\Roaming\Tific
2011-12-26 00:30:05 -------- d-----w- C:\Users\Michael\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\windows\System32\win32k.sys
2011-11-10 10:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\windows\System32\csrsrv.dll
.
============= FINISH: 19:25:20.91 ===============

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 29 January 2012 - 09:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 30 January 2012 - 07:42 PM

No problem at all about the delay. I know you guys are busy and I appreciate the help so much.

I am running Windows 7 Home Premium 64bit, and I still have my Windows CD.

I'm not experiencing any noticeable problems, but Norton still says that I need to manually remove consrv.dll from my computer. I have run TDSKiller, Malwarebytes, ComboFix (which quarantined a few files), and a few Norton full system scans before posting this thread on the 23rd.

Here is the OTL.text:
OTL logfile created on: 1/30/2012 6:21:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 39.33% Memory free
7.17 Gb Paging File | 5.28 Gb Available in Paging File | 73.72% Paging File free
Paging file location(s): c:\pagefile.sys 4404 4404 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 55.78 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive L: | 410.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCATES | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 18:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012/01/27 18:22:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2012/01/27 18:22:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/07/01 20:14:03 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/27 18:22:24 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2011/11/10 05:53:45 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/10/06 14:22:06 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006/09/06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006/03/14 16:38:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/13 13:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2008/01/09 11:37:38 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2012/01/12 14:58:36 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/22 11:56:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/11/12 17:30:59 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/01 20:14:03 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/22 21:46:29 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/06/06 12:15:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/10/27 09:05:02 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 18:04:06 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/11/29 01:20:32 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/11/29 01:20:24 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/12/31 10:35:53 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120130.002\EX64.SYS -- (NAVEX15)
DRV - [2011/12/31 10:35:53 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120130.002\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120126.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 03:04:25 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 03:04:25 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/08/22 13:25:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62889

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62889



IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80470&lng=en
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.41
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw="
FF - prefs.js..network.proxy.backup.ftp: "93.189.5138"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "93.189.5138"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "93.189.5138"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "109.123.70.47"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "109.123.70.47"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.123.70.47"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "109.123.70.47"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/01/26 08:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/26 08:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2012/01/27 18:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2012/01/23 16:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/17 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/17 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B0BA5CF0-CFD3-44B9-8185-5D18EA43C961}: C:\Users\Michael\AppData\Local\{B0BA5CF0-CFD3-44B9-8185-5D18EA43C961}\ [2011/05/16 00:27:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EC41717B-855C-445D-810C-EF497A5A2BC3}: C:\Users\Michael\AppData\Local\{EC41717B-855C-445D-810C-EF497A5A2BC3} [2011/05/16 01:22:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{383586D1-AE53-42C9-8FB3-B9EA3279C359}: C:\Users\Michael\AppData\Local\{383586D1-AE53-42C9-8FB3-B9EA3279C359} [2011/05/16 11:45:50 | 000,000,000 | ---D | M]

[2010/07/01 12:12:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/01/21 11:47:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions
[2010/09/04 21:31:30 | 000,000,000 | -H-D | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/01/15 14:48:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/01/09 11:05:54 | 000,000,000 | ---D | M] (Softonic English FF Community Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}
[2011/06/24 13:59:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\battlefieldheroespatcher@ea.com
[2011/03/24 10:25:23 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\engine@conduit.com
[2011/08/14 21:47:50 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\plugin@yontoo.com
[2011/03/02 11:50:57 | 000,002,292 | -H-- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\searchplugins\inbox-search.xml
[2011/06/27 09:27:59 | 000,002,470 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\searchplugins\safesearch.xml
[2011/03/24 10:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/09 13:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGTHD437.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011/04/30 10:14:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/09 13:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/27 16:23:38 | 000,081,920 | ---- | M] (Kaneva, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\npkanevapatch.dll
[2010/12/07 17:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Kaneva WOK Patch Plugin for Mozilla 3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npkanevapatch.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\2_0\
CHR - Extension: Angry Birds = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Brushed = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: 3D Solar System Web = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.21_0\
CHR - Extension: Google Books = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.0.0.0_0\
CHR - Extension: Yontoo Layers = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\

O1 HOSTS File: ([2012/01/23 13:28:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: 1595553375 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DLCXCATS - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DriverScanner - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files (x86)\Dell PC Fax\fm3032.exe ()
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: LifeCam - hkey= - key= - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Shihibuxidet - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SpeedUpMyPC - hkey= - key= - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
MsConfig:64bit - StartUpReg: suoasec - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: X-IM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: yoaulit - hkey= - key= - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{EC4EA395-C9DB-4D10-81F2-4D3356B0989B} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)


========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 18:19:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/01/25 17:37:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/25 17:37:32 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/25 17:37:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/25 17:37:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/25 17:37:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/25 17:37:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/23 17:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/23 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/01/23 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/23 16:14:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/01/23 16:14:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/01/23 16:14:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/01/23 15:45:30 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/23 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\NPE
[2012/01/23 13:54:13 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2012/01/23 13:14:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/23 13:14:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/23 13:14:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/23 13:06:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/23 12:34:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\3AD6C
[2012/01/22 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Symantec
[2012/01/22 21:46:29 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/01/22 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FixTDSS
[2012/01/22 09:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/01/21 12:54:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2012/01/21 12:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2012/01/20 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\rupert.brady
[2012/01/17 20:21:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\atari
[2012/01/17 20:12:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari
[2012/01/17 20:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012/01/12 15:06:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Desura
[2012/01/12 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/01/12 14:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/01/12 14:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/01/12 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/01/11 11:56:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/11 11:56:50 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/11 11:56:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/11 11:56:49 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/11 11:56:46 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/01/11 11:56:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/01/11 11:56:45 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/11 11:56:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/11 11:56:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/01/07 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012/01/07 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/01/07 16:05:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Electronic Arts
[2012/01/04 11:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/04 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/01/04 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/04 11:10:52 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012/01/04 11:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/01/04 11:08:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help
[2012/01/04 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/04 11:08:16 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/02/09 15:14:29 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxinpa.dll
[2011/02/09 15:14:29 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxiesc.dll
[2011/02/09 15:14:28 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpmui.dll
[2011/02/09 15:14:26 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxusb1.dll
[2011/02/09 15:14:25 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxserv.dll
[2011/02/09 15:14:25 | 000,176,128 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxppls.exe
[2011/02/09 15:14:25 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxprox.dll
[2011/02/09 15:14:24 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxlmpm.dll
[2011/02/09 15:14:24 | 000,380,928 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxih.exe
[2011/02/09 15:14:24 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpplc.dll
[2011/02/09 15:14:23 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxhbn3.dll
[2011/02/09 15:14:23 | 000,532,480 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcoms.exe
[2011/02/09 15:14:23 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomm.dll
[2011/02/09 15:14:22 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomc.dll
[2011/02/09 15:14:22 | 000,381,832 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcfg.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 18:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/01/30 18:13:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 17:31:00 | 000,000,916 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002UA.job
[2012/01/30 15:51:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/30 09:40:17 | 000,000,864 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002Core.job
[2012/01/29 23:31:42 | 000,071,583 | ---- | M] () -- C:\Users\Michael\H_Hoffmann_Struwwel_08.jpg
[2012/01/29 20:13:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 00:58:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 00:58:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 11:25:20 | 000,002,184 | ---- | M] () -- C:\{51031483-293D-42C8-97D6-832005BA515E}
[2012/01/26 08:56:52 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 15:33:54 | 000,002,425 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/01/23 22:59:48 | 000,002,408 | ---- | M] () -- C:\{731EBAC0-5877-418D-AF80-78C9D8E61AE9}
[2012/01/23 19:22:32 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2012/01/23 16:19:04 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:09:42 | 000,002,288 | ---- | M] () -- C:\{5BF2E184-A334-4638-B275-88BCF5F7E0C1}
[2012/01/23 15:08:26 | 000,002,184 | ---- | M] () -- C:\{81429BF0-30FA-4176-957E-B693FFB8B6A5}
[2012/01/23 13:53:40 | 002,035,725 | ---- | M] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2012/01/23 13:28:45 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/01/22 21:51:13 | 000,002,840 | ---- | M] () -- C:\{EF2EDFF6-2BD5-43B7-A309-E332E654955A}
[2012/01/22 21:46:29 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/01/22 09:25:51 | 000,002,331 | ---- | M] () -- C:\Users\Public\Desktop\Harry Potter and the Half-Blood Prince™.lnk
[2012/01/21 13:26:13 | 000,000,241 | ---- | M] () -- C:\windows\QQPlayer.INI
[2012/01/21 12:57:15 | 000,000,978 | ---- | M] () -- C:\Users\Michael\Desktop\KMPlayer.lnk
[2012/01/19 13:10:18 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2012/01/17 20:12:35 | 000,001,190 | ---- | M] () -- C:\Users\Michael\Desktop\Launch Fahrenheit.lnk
[2012/01/12 16:03:35 | 000,001,091 | ---- | M] () -- C:\Users\Michael\Desktop\Six Feet Under - Shortcut.lnk
[2012/01/12 14:48:10 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/01/12 09:47:17 | 000,876,084 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/12 09:47:17 | 000,720,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/12 09:47:17 | 000,141,882 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/07 16:15:59 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/01/04 21:56:03 | 000,368,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/01/03 19:48:51 | 000,024,887 | ---- | M] () -- C:\Users\Michael\Documents\homeless man.odt
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 22:29:20 | 000,071,583 | ---- | C] () -- C:\Users\Michael\H_Hoffmann_Struwwel_08.jpg
[2012/01/26 11:25:20 | 000,002,184 | ---- | C] () -- C:\{51031483-293D-42C8-97D6-832005BA515E}
[2012/01/23 22:59:48 | 000,002,408 | ---- | C] () -- C:\{731EBAC0-5877-418D-AF80-78C9D8E61AE9}
[2012/01/23 19:22:32 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2012/01/23 16:19:04 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:09:41 | 000,002,288 | ---- | C] () -- C:\{5BF2E184-A334-4638-B275-88BCF5F7E0C1}
[2012/01/23 15:08:25 | 000,002,184 | ---- | C] () -- C:\{81429BF0-30FA-4176-957E-B693FFB8B6A5}
[2012/01/23 13:53:29 | 002,035,725 | ---- | C] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2012/01/23 13:14:49 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/23 13:14:49 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/23 13:14:49 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/23 13:14:49 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/23 13:14:49 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/22 21:51:10 | 000,002,840 | ---- | C] () -- C:\{EF2EDFF6-2BD5-43B7-A309-E332E654955A}
[2012/01/22 09:25:50 | 000,002,331 | ---- | C] () -- C:\Users\Public\Desktop\Harry Potter and the Half-Blood Prince™.lnk
[2012/01/21 12:54:22 | 000,000,978 | ---- | C] () -- C:\Users\Michael\Desktop\KMPlayer.lnk
[2012/01/17 20:12:34 | 000,001,190 | ---- | C] () -- C:\Users\Michael\Desktop\Launch Fahrenheit.lnk
[2012/01/12 16:03:35 | 000,001,091 | ---- | C] () -- C:\Users\Michael\Desktop\Six Feet Under - Shortcut.lnk
[2012/01/12 14:48:10 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/01/07 16:15:59 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/12/18 11:07:03 | 000,007,627 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2011/11/17 15:46:33 | 000,157,196 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/11/14 12:08:18 | 000,000,174 | ---- | C] () -- C:\windows\game.ini
[2011/07/18 17:53:37 | 000,000,019 | ---- | C] () -- C:\windows\D.ini
[2011/07/09 14:41:25 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/05/07 22:09:46 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/02/09 15:14:29 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\dlcxinst.dll
[2011/02/09 15:14:29 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\dlcxjswr.dll
[2011/02/09 15:14:28 | 000,454,656 | ---- | C] () -- C:\windows\SysWow64\dlcxutil.dll
[2011/02/09 15:14:28 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dlcxinsr.dll
[2011/02/09 15:14:28 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dlcxcur.dll
[2011/02/09 15:14:27 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxinsb.dll
[2011/02/09 15:14:27 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxins.dll
[2011/02/09 15:14:27 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dlcxcub.dll
[2011/02/09 15:14:26 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\dlcxcu.dll
[2011/02/09 15:14:21 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\DLCXcfg.dll
[2010/12/05 18:39:54 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2010/11/15 21:08:38 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/13 12:36:32 | 000,000,095 | -H-- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2010/10/12 17:17:41 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/09/25 14:55:51 | 000,000,241 | ---- | C] () -- C:\windows\QQPlayer.INI
[2010/09/17 12:17:05 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2010/07/04 19:34:05 | 000,011,264 | -H-- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 20:14:04 | 000,215,016 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/07/01 20:14:03 | 002,427,248 | ---- | C] () -- C:\windows\SysWow64\pbsvc_heroes.exe
[2010/07/01 20:14:03 | 000,075,064 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010/06/18 18:46:09 | 000,000,654 | -H-- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010/05/25 12:05:35 | 000,877,690 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/04/20 04:17:02 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/08/27 10:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/08/27 10:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/08/27 10:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/08/27 10:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006/10/01 22:03:07 | 000,108,032 | ---- | C] () -- C:\windows\SysWow64\gc.dll
[2003/04/08 22:28:44 | 000,233,472 | R--- | C] () -- C:\windows\SysWow64\MafiaSetup.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

and the Extras.txt:
OTL Extras logfile created on: 1/30/2012 6:21:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 39.33% Memory free
7.17 Gb Paging File | 5.28 Gb Available in Paging File | 73.72% Paging File free
Paging file location(s): c:\pagefile.sys 4404 4404 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 55.78 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive L: | 410.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCATES | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.WORD_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.WORD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.WORD_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.WORD_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.WORD_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.WORD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.WORD_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.WORD" = Microsoft Word 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 30
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter and the Half-Blood Prince™
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Any Video Converter_is1" = Any Video Converter 3.3.1
"Best Buy Software Installer" = Best Buy Software Installer
"BitTorrent" = BitTorrent
"Desura" = Desura
"EAX Unified" = EAX Unified
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"LIMBO" = LIMBO
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MKVToolNix" = MKVToolNix 5.1.0
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.0-1
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Station Launcher" = Station Launcher
"The KMPlayer" = The KMPlayer (remove only)
"Tomato Youtube Downloader" = Tomato Youtube Downloader
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 3:13:29 PM | Computer Name = Scates | Source = Application Hang | ID = 1002
Description = The program WORDPAD.EXE version 6.1.7600.16624 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c8c Start
Time: 01ccd2f08c66c5d5 Termination Time: 52 Application Path: C:\Program Files\Windows
NT\Accessories\WORDPAD.EXE Report Id: d44f4ecc-3ee3-11e1-a758-705ab6be94ee

Error - 1/14/2012 3:18:43 PM | Computer Name = Scates | Source = Application Hang | ID = 1002
Description = The program WORDPAD.EXE version 6.1.7600.16624 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12b8 Start
Time: 01ccd2f149991797 Termination Time: 48 Application Path: C:\Program Files\Windows
NT\Accessories\WORDPAD.EXE Report Id: 90491bfa-3ee4-11e1-a758-705ab6be94ee

Error - 1/15/2012 1:33:46 AM | Computer Name = Scates | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/17/2012 10:13:42 PM | Computer Name = Scates | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash10b.ocx, version: 10.0.22.87, time
stamp: 0x4987a6c3 Exception code: 0xc0000005 Fault offset: 0x001ea9e1 Faulting process
id: 0x370 Faulting application start time: 0x01ccd261b8752a74 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWow64\Macromed\Flash\Flash10b.ocx
Report
Id: 0a7249a1-417a-11e1-a758-705ab6be94ee

Error - 1/18/2012 9:51:45 AM | Computer Name = Scates | Source = PerfOS | ID = 1000
Description =

Error - 1/19/2012 3:59:20 AM | Computer Name = Scates | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/20/2012 2:35:55 AM | Computer Name = Scates | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/21/2012 11:55:27 AM | Computer Name = Scates | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/22/2012 1:33:38 AM | Computer Name = Scates | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/22/2012 7:34:40 PM | Computer Name = Scates | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x72463225 Faulting process id: 0x35c Faulting application
start time: 0x01ccd95a273630b8 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: a72dd7fd-4551-11e1-850b-705ab6be94ee

[ Media Center Events ]
Error - 9/1/2011 11:10:15 PM | Computer Name = Scates | Source = MCUpdate | ID = 0
Description = 11:10:15 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 5/24/2011 4:39:16 PM | Computer Name = Scates | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:37:43 PM on ?5/?24/?2011 was unexpected.

Error - 5/24/2011 4:39:25 PM | Computer Name = SCATES | Source = BugCheck | ID = 1001
Description =

Error - 5/25/2011 2:40:25 AM | Computer Name = Scates | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/25/2011 11:16:38 PM | Computer Name = Scates | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/25/2011 11:16:39 PM | Computer Name = Scates | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/25/2011 11:16:40 PM | Computer Name = Scates | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/25/2011 11:16:40 PM | Computer Name = Scates | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/26/2011 5:00:24 PM | Computer Name = Scates | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/27/2011 6:20:20 PM | Computer Name = Scates | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 5/27/2011 6:20:35 PM | Computer Name = Scates | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%109


< End of report >

and the new DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Michael at 19:35:46 on 2012-01-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1058 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\dlcxcoms.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\notepad.exe
C:\windows\notepad.exe
C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80470&lng=en
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA"&"inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA"&"prod=92"&"ver=9.0.872
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO-X64: Softonic-Eng7 - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA"&"inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA"&"prod=92"&"ver=9.0.872
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw=
FF - prefs.js: network.proxy.ftp - 109.123.70.47
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 109.123.70.47
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 109.123.70.47
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 109.123.70.47
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npkanevapatch.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\windows\system32\drivers\FixTDSS.sys --> C:\windows\system32\drivers\FixTDSS.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 dlcx_device;dlcx_device;C:\windows\system32\dlcxcoms.exe -service --> C:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-6 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-22 135664]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-1-12 131912]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-22 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 12288]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-20 51512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-01-23 22:37:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-23 21:19:14 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-01-23 21:19:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-23 19:06:22 -------- d-----w- C:\Users\Michael\AppData\Local\NPE
2012-01-23 18:14:49 98816 ----a-w- C:\windows\sed.exe
2012-01-23 18:14:49 518144 ----a-w- C:\windows\SWREG.exe
2012-01-23 18:14:49 256000 ----a-w- C:\windows\PEV.exe
2012-01-23 18:14:49 208896 ----a-w- C:\windows\MBR.exe
2012-01-23 02:53:18 -------- d-----w- C:\Users\Michael\AppData\Roaming\3AD6C
2012-01-23 02:48:12 -------- d-----w- C:\Users\Michael\AppData\Local\Symantec
2012-01-23 02:46:29 27256 ----a-w- C:\windows\System32\drivers\FixTDSS.sys
2012-01-23 02:46:29 -------- d-----w- C:\Users\Michael\AppData\Roaming\FixTDSS
2012-01-21 17:54:17 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-01-21 02:54:48 -------- d-----w- C:\Users\Michael\rupert.brady
2012-01-18 01:08:39 -------- d-----w- C:\Program Files (x86)\Atari
2012-01-12 20:06:10 -------- d-----w- C:\Users\Michael\AppData\Local\Desura
2012-01-12 19:59:03 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-01-12 19:48:33 -------- d-----w- C:\ProgramData\Desura
2012-01-12 19:48:09 -------- d-----w- C:\Program Files (x86)\Desura
2012-01-11 16:56:50 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 16:56:50 1328640 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 16:56:49 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 16:56:49 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 16:56:45 1739160 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 16:56:44 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 16:56:39 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 16:56:39 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-07 21:16:22 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-01-04 16:11:30 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-01-04 16:10:52 -------- d-----w- C:\windows\PCHEALTH
2012-01-04 16:10:52 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-01-04 16:08:48 -------- d-----w- C:\Users\Michael\AppData\Local\Microsoft Help
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-11-10 10:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:36:27.77 ===============

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 01 February 2012 - 03:56 PM

Hi,

can you please post the content of the ComboFix and TDSSKiller logs? ComboFix should have removed consrv.dll.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 04 February 2012 - 01:15 PM

ComboFix log:

ComboFix 12-01-23.02 - Michael 01/23/2012 13:16:50.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1982 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Michael\AppData\Local\Windows Server
c:\users\Michael\AppData\Local\Windows Server\server.dat
c:\users\Michael\AppData\Roaming\Adobe\shed
c:\users\Michael\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Michael\AppData\Roaming\Microsoft\~DFK45b4aba7.tmp
c:\users\Michael\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Michael\AppData\Roaming\Microsoft\bass.dll
c:\users\Michael\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Michael\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Michael\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Michael\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Michael\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 18:27 . 2012-01-23 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-23 02:53 . 2012-01-23 02:58 -------- d-----w- c:\users\Michael\AppData\Roaming\3AD6C
2012-01-23 02:48 . 2012-01-23 02:48 -------- d-----w- c:\users\Michael\AppData\Local\Symantec
2012-01-23 02:46 . 2012-01-23 02:46 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-23 02:46 . 2012-01-23 02:46 -------- d-----w- c:\users\Michael\AppData\Roaming\FixTDSS
2012-01-21 17:54 . 2012-01-22 14:17 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-01-21 02:54 . 2012-01-23 03:42 -------- d-----w- c:\users\Michael\rupert.brady
2012-01-18 01:08 . 2012-01-18 01:08 -------- d-----w- c:\program files (x86)\Atari
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\users\Michael\AppData\Local\Desura
2012-01-12 19:59 . 2012-01-12 19:59 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-01-12 19:48 . 2012-01-12 19:48 -------- d-----w- c:\programdata\Desura
2012-01-12 19:48 . 2012-01-12 20:06 -------- d-----w- c:\program files (x86)\Desura
2012-01-11 16:56 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:56 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:56 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:56 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:56 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:56 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 21:16 . 2012-01-07 21:16 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-01-07 21:08 . 2012-01-22 14:21 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-01-04 16:11 . 2012-01-04 16:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-01-04 16:10 . 2012-01-04 16:10 -------- d-----w- c:\windows\PCHEALTH
2012-01-04 16:10 . 2012-01-04 16:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-04 16:08 . 2012-01-04 16:08 -------- d-----w- c:\users\Michael\AppData\Local\Microsoft Help
2012-01-04 16:08 . 2012-01-04 16:08 -------- d-----r- C:\MSOCache
2011-12-31 03:26 . 2011-12-31 03:26 -------- d-----w- c:\users\Michael\AppData\Roaming\Tific
2011-12-26 00:30 . 2012-01-22 17:29 -------- d-----w- c:\users\Michael\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:00 . 2011-12-14 22:48 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:26 . 2011-12-14 22:49 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 22:49 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 22:48 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 22:49 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 22:49 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 22:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 22:49 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 22:49 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 22:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 22:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 22:50 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-21 03:35 787744 ------w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA&inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA&prod=92&ver=9.0.872" [?]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 135664]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-01-12 131912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 135664]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys [2011-11-29 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 22:23]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 22:23]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 01:33]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 01:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"combofix"="c:\combofix\CF23769.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80470&lng=en
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61394
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw=
FF - prefs.js: network.proxy.ftp - 109.123.70.47
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 109.123.70.47
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 109.123.70.47
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 109.123.70.47
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-AB6.exe - c:\program files (x86)\LP\4EE3\AB6.exe
Toolbar-Locked - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-{FD9C31B6-F572-414D-81E3-89368C97A125}_is1 - c:\program files (x86)\CamStudio 2.6b\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f4,94,11,42,7d,c8,d5,11,56,8b,45,11,fa,7e,e5,cf,b3,29,d0,1b,c6,61,6f,
d9,bb,48,95,cb,c5,7e,74,fe,f4,03,0d,e0,df,88,26,f8,3f,e1,0e,1c,d8,ee,f1,a9,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\SecuROM\License information*]
"datasecu"=hex:90,be,aa,80,85,f6,fa,66,8d,cb,65,e4,db,09,fb,a0,8d,8c,ab,52,d7,
9b,7c,1f,0d,37,08,96,ec,e6,77,a3,71,bd,f5,95,91,8a,b5,62,6b,4c,95,b5,93,ea,\
"rkeysecu"=hex:55,10,36,b2,a7,ff,00,d3,0b,bf,39,f5,78,3e,ad,0a
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\04\0f\02&\0c?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-01-23 13:35:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-23 18:35
.
Pre-Run: 11,685,691,392 bytes free
Post-Run: 11,510,919,168 bytes free
.
- - End Of File - - 81269288C8088E46D86C7DF3623A78B8

TDSSKiller log:

I actually don't where to find that. It isn't on my desktop or in my documents folder.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 06 February 2012 - 03:45 AM

Hi,

please check C:\, if it isn't there either it likely doesn't exist anymore.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

folder::
c:\users\Michael\AppData\Roaming\3AD6C

dds::
uInternet Settings,ProxyServer = http=127.0.0.1:61394

firefox::
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 09 February 2012 - 06:25 PM

Well, the consrv.dll is still in my System32 folder and some of the folders in my "Michael" folder (C:/users/Michael) and the folder itself were changed to "hidden", which I don't recall doing. I fixed all that though, except for my "Michael" folder because I don't know how to change the properties for it since there's nothing to right click in the now empty "Users" folder.

TDSKiller log:

13:54:29.0716 1668 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
13:54:31.0118 1668 ============================================================
13:54:31.0118 1668 Current date / time: 2012/01/23 13:54:31.0118
13:54:31.0118 1668 SystemInfo:
13:54:31.0118 1668
13:54:31.0118 1668 OS Version: 6.1.7600 ServicePack: 0.0
13:54:31.0118 1668 Product type: Workstation
13:54:31.0118 1668 ComputerName: SCATES
13:54:31.0119 1668 UserName: Michael
13:54:31.0119 1668 Windows directory: C:\windows
13:54:31.0119 1668 System windows directory: C:\windows
13:54:31.0119 1668 Running under WOW64
13:54:31.0119 1668 Processor architecture: Intel x64
13:54:31.0119 1668 Number of processors: 1
13:54:31.0119 1668 Page size: 0x1000
13:54:31.0119 1668 Boot type: Normal boot
13:54:31.0119 1668 ============================================================
13:54:31.0807 1668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:31.0834 1668 Initialize success
13:55:53.0725 1012 ============================================================
13:55:53.0725 1012 Scan started
13:55:53.0725 1012 Mode: Manual;
13:55:53.0725 1012 ============================================================
13:55:54.0115 1012 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
13:55:54.0130 1012 1394ohci - ok
13:55:54.0286 1012 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
13:55:54.0286 1012 ACPI - ok
13:55:54.0442 1012 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
13:55:54.0458 1012 AcpiPmi - ok
13:55:54.0629 1012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
13:55:54.0645 1012 adp94xx - ok
13:55:54.0801 1012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
13:55:54.0801 1012 adpahci - ok
13:55:54.0957 1012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
13:55:54.0957 1012 adpu320 - ok
13:55:55.0144 1012 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
13:55:55.0191 1012 AFD - ok
13:55:55.0363 1012 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
13:55:55.0378 1012 AgereSoftModem - ok
13:55:55.0519 1012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
13:55:55.0534 1012 agp440 - ok
13:55:55.0737 1012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
13:55:55.0737 1012 aliide - ok
13:55:55.0877 1012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
13:55:55.0877 1012 amdide - ok
13:55:56.0018 1012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
13:55:56.0018 1012 AmdK8 - ok
13:55:56.0127 1012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
13:55:56.0143 1012 AmdPPM - ok
13:55:56.0330 1012 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
13:55:56.0361 1012 amdsata - ok
13:55:56.0501 1012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
13:55:56.0501 1012 amdsbs - ok
13:55:56.0657 1012 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
13:55:56.0673 1012 amdxata - ok
13:55:56.0891 1012 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
13:55:56.0907 1012 AppID - ok
13:55:57.0157 1012 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
13:55:57.0157 1012 arc - ok
13:55:57.0313 1012 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
13:55:57.0313 1012 arcsas - ok
13:55:57.0531 1012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:55:57.0531 1012 AsyncMac - ok
13:55:57.0671 1012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
13:55:57.0671 1012 atapi - ok
13:55:57.0859 1012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
13:55:57.0874 1012 b06bdrv - ok
13:55:58.0061 1012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:55:58.0061 1012 b57nd60a - ok
13:55:58.0233 1012 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:55:58.0249 1012 Beep - ok
13:55:58.0545 1012 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
13:55:58.0545 1012 BHDrvx64 - ok
13:55:58.0685 1012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:55:58.0685 1012 blbdrive - ok
13:55:58.0873 1012 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
13:55:58.0904 1012 bowser - ok
13:55:59.0013 1012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
13:55:59.0013 1012 BrFiltLo - ok
13:55:59.0122 1012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
13:55:59.0122 1012 BrFiltUp - ok
13:55:59.0263 1012 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
13:55:59.0278 1012 BridgeMP - ok
13:55:59.0403 1012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:55:59.0403 1012 Brserid - ok
13:55:59.0528 1012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:55:59.0528 1012 BrSerWdm - ok
13:55:59.0668 1012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:55:59.0668 1012 BrUsbMdm - ok
13:55:59.0777 1012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:55:59.0777 1012 BrUsbSer - ok
13:55:59.0871 1012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
13:55:59.0871 1012 BTHMODEM - ok
13:55:59.0933 1012 catchme - ok
13:56:00.0043 1012 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:56:00.0043 1012 cdfs - ok
13:56:00.0199 1012 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
13:56:00.0199 1012 cdrom - ok
13:56:00.0370 1012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
13:56:00.0370 1012 circlass - ok
13:56:00.0464 1012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:56:00.0464 1012 CLFS - ok
13:56:00.0651 1012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:56:00.0651 1012 CmBatt - ok
13:56:00.0760 1012 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
13:56:00.0760 1012 cmdide - ok
13:56:00.0901 1012 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
13:56:00.0901 1012 CNG - ok
13:56:01.0041 1012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
13:56:01.0057 1012 Compbatt - ok
13:56:01.0181 1012 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
13:56:01.0181 1012 CompositeBus - ok
13:56:01.0322 1012 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
13:56:01.0322 1012 cpudrv64 - ok
13:56:01.0447 1012 cpuz132 - ok
13:56:01.0556 1012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
13:56:01.0556 1012 crcdisk - ok
13:56:01.0774 1012 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
13:56:01.0790 1012 DfsC - ok
13:56:01.0930 1012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:56:01.0946 1012 discache - ok
13:56:02.0071 1012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
13:56:02.0071 1012 Disk - ok
13:56:02.0305 1012 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:56:02.0305 1012 drmkaud - ok
13:56:02.0383 1012 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
13:56:02.0398 1012 DXGKrnl - ok
13:56:02.0617 1012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
13:56:02.0710 1012 ebdrv - ok
13:56:02.0819 1012 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:56:02.0835 1012 eeCtrl - ok
13:56:02.0991 1012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
13:56:03.0007 1012 elxstor - ok
13:56:03.0147 1012 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:56:03.0163 1012 EraserUtilRebootDrv - ok
13:56:03.0272 1012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
13:56:03.0272 1012 ErrDev - ok
13:56:03.0412 1012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:56:03.0428 1012 exfat - ok
13:56:03.0553 1012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:56:03.0553 1012 fastfat - ok
13:56:03.0693 1012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
13:56:03.0693 1012 fdc - ok
13:56:03.0849 1012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:56:03.0849 1012 FileInfo - ok
13:56:03.0958 1012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:56:03.0958 1012 Filetrace - ok
13:56:04.0083 1012 FixTDSS (00940c5e43282206994659d16b4ac412) C:\windows\system32\drivers\FixTDSS.sys
13:56:04.0083 1012 FixTDSS - ok
13:56:04.0239 1012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
13:56:04.0255 1012 flpydisk - ok
13:56:04.0364 1012 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
13:56:04.0379 1012 FltMgr - ok
13:56:04.0520 1012 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:56:04.0535 1012 FsDepends - ok
13:56:04.0645 1012 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
13:56:04.0645 1012 Fs_Rec - ok
13:56:04.0769 1012 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
13:56:04.0785 1012 fvevol - ok
13:56:04.0925 1012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
13:56:04.0925 1012 gagp30kx - ok
13:56:05.0066 1012 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:56:05.0081 1012 GEARAspiWDM - ok
13:56:05.0253 1012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:56:05.0269 1012 hcw85cir - ok
13:56:05.0409 1012 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
13:56:05.0409 1012 HdAudAddService - ok
13:56:05.0549 1012 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:56:05.0549 1012 HDAudBus - ok
13:56:05.0674 1012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
13:56:05.0690 1012 HidBatt - ok
13:56:05.0815 1012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
13:56:05.0815 1012 HidBth - ok
13:56:05.0939 1012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
13:56:05.0939 1012 HidIr - ok
13:56:06.0095 1012 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
13:56:06.0095 1012 HidUsb - ok
13:56:06.0251 1012 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
13:56:06.0267 1012 HpSAMD - ok
13:56:06.0392 1012 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
13:56:06.0392 1012 HTTP - ok
13:56:06.0501 1012 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
13:56:06.0501 1012 hwpolicy - ok
13:56:06.0657 1012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:56:06.0657 1012 i8042prt - ok
13:56:06.0813 1012 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
13:56:06.0813 1012 iaStor - ok
13:56:06.0985 1012 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
13:56:07.0000 1012 iaStorV - ok
13:56:07.0312 1012 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys
13:56:07.0312 1012 IDSVia64 - ok
13:56:07.0609 1012 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
13:56:07.0765 1012 igfx - ok
13:56:07.0905 1012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
13:56:07.0921 1012 iirsp - ok
13:56:08.0108 1012 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
13:56:08.0123 1012 IntcAzAudAddService - ok
13:56:08.0233 1012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
13:56:08.0248 1012 intelide - ok
13:56:08.0373 1012 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
13:56:08.0373 1012 intelppm - ok
13:56:08.0498 1012 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:56:08.0498 1012 IpFilterDriver - ok
13:56:08.0623 1012 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
13:56:08.0623 1012 IPMIDRV - ok
13:56:08.0747 1012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:56:08.0747 1012 IPNAT - ok
13:56:08.0903 1012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:56:08.0903 1012 IRENUM - ok
13:56:09.0013 1012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
13:56:09.0013 1012 isapnp - ok
13:56:09.0137 1012 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
13:56:09.0153 1012 iScsiPrt - ok
13:56:09.0293 1012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:56:09.0293 1012 kbdclass - ok
13:56:09.0449 1012 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
13:56:09.0465 1012 kbdhid - ok
13:56:09.0574 1012 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
13:56:09.0574 1012 KSecDD - ok
13:56:09.0683 1012 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
13:56:09.0699 1012 KSecPkg - ok
13:56:09.0824 1012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:56:09.0824 1012 ksthunk - ok
13:56:10.0027 1012 LHidFilt (eb7b0ac515c5f5a5fb1c7143e893c345) C:\windows\system32\DRIVERS\LHidFilt.Sys
13:56:10.0058 1012 LHidFilt - ok
13:56:10.0214 1012 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:56:10.0214 1012 lltdio - ok
13:56:10.0385 1012 LMouFilt (80c1c6be49d9c39b82a8e2e6a4180dc6) C:\windows\system32\DRIVERS\LMouFilt.Sys
13:56:10.0401 1012 LMouFilt - ok
13:56:10.0541 1012 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
13:56:10.0557 1012 LPCFilter - ok
13:56:10.0697 1012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
13:56:10.0713 1012 LSI_FC - ok
13:56:10.0853 1012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
13:56:10.0853 1012 LSI_SAS - ok
13:56:10.0994 1012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:56:11.0009 1012 LSI_SAS2 - ok
13:56:11.0165 1012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:56:11.0165 1012 LSI_SCSI - ok
13:56:11.0275 1012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:56:11.0290 1012 luafv - ok
13:56:11.0446 1012 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\windows\system32\DRIVERS\mcdbus.sys
13:56:11.0493 1012 mcdbus - ok
13:56:11.0618 1012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
13:56:11.0618 1012 megasas - ok
13:56:11.0743 1012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
13:56:11.0758 1012 MegaSR - ok
13:56:11.0883 1012 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:56:11.0883 1012 Modem - ok
13:56:12.0023 1012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:56:12.0023 1012 monitor - ok
13:56:12.0148 1012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:56:12.0164 1012 mouclass - ok
13:56:12.0335 1012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:56:12.0335 1012 mouhid - ok
13:56:12.0445 1012 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
13:56:12.0445 1012 mountmgr - ok
13:56:12.0569 1012 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
13:56:12.0569 1012 mpio - ok
13:56:12.0694 1012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:56:12.0710 1012 mpsdrv - ok
13:56:12.0819 1012 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
13:56:12.0819 1012 MRxDAV - ok
13:56:12.0944 1012 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
13:56:12.0975 1012 mrxsmb - ok
13:56:13.0100 1012 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:56:13.0131 1012 mrxsmb10 - ok
13:56:13.0256 1012 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:56:13.0271 1012 mrxsmb20 - ok
13:56:13.0396 1012 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
13:56:13.0396 1012 msahci - ok
13:56:13.0583 1012 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
13:56:13.0583 1012 msdsm - ok
13:56:13.0739 1012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:56:13.0739 1012 Msfs - ok
13:56:13.0880 1012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:56:13.0880 1012 mshidkmdf - ok
13:56:14.0005 1012 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\windows\system32\Drivers\nx6000.sys
13:56:14.0036 1012 MSHUSBVideo - ok
13:56:14.0145 1012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
13:56:14.0145 1012 msisadrv - ok
13:56:14.0301 1012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:56:14.0301 1012 MSKSSRV - ok
13:56:14.0441 1012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:56:14.0441 1012 MSPCLOCK - ok
13:56:14.0566 1012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:56:14.0566 1012 MSPQM - ok
13:56:14.0691 1012 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
13:56:14.0691 1012 MsRPC - ok
13:56:14.0800 1012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:56:14.0800 1012 mssmbios - ok
13:56:14.0941 1012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:56:14.0941 1012 MSTEE - ok
13:56:15.0050 1012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
13:56:15.0050 1012 MTConfig - ok
13:56:15.0143 1012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:56:15.0143 1012 Mup - ok
13:56:15.0299 1012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:56:15.0331 1012 NativeWifiP - ok
13:56:15.0502 1012 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120122.004\ENG64.SYS
13:56:15.0502 1012 NAVENG - ok
13:56:15.0721 1012 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120122.004\EX64.SYS
13:56:15.0721 1012 NAVEX15 - ok
13:56:15.0877 1012 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
13:56:15.0877 1012 NDIS - ok
13:56:16.0017 1012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:56:16.0017 1012 NdisCap - ok
13:56:16.0157 1012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:56:16.0157 1012 NdisTapi - ok
13:56:16.0189 1012 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
13:56:16.0189 1012 Ndisuio - ok
13:56:16.0298 1012 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
13:56:16.0298 1012 NdisWan - ok
13:56:16.0391 1012 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
13:56:16.0391 1012 NDProxy - ok
13:56:16.0516 1012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:56:16.0516 1012 NetBIOS - ok
13:56:16.0625 1012 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
13:56:16.0641 1012 NetBT - ok
13:56:16.0797 1012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
13:56:16.0797 1012 nfrd960 - ok
13:56:16.0937 1012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:56:16.0953 1012 Npfs - ok
13:56:17.0062 1012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:56:17.0062 1012 nsiproxy - ok
13:56:17.0218 1012 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
13:56:17.0249 1012 Ntfs - ok
13:56:17.0343 1012 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:56:17.0343 1012 Null - ok
13:56:17.0483 1012 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
13:56:17.0515 1012 nvraid - ok
13:56:17.0639 1012 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
13:56:17.0639 1012 nvstor - ok
13:56:17.0764 1012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
13:56:17.0764 1012 nv_agp - ok
13:56:17.0873 1012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
13:56:17.0873 1012 ohci1394 - ok
13:56:18.0045 1012 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
13:56:18.0045 1012 Parport - ok
13:56:18.0154 1012 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
13:56:18.0154 1012 partmgr - ok
13:56:18.0263 1012 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
13:56:18.0263 1012 pci - ok
13:56:18.0388 1012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
13:56:18.0404 1012 pciide - ok
13:56:18.0497 1012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
13:56:18.0497 1012 pcmcia - ok
13:56:18.0607 1012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:56:18.0622 1012 pcw - ok
13:56:18.0731 1012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:56:18.0747 1012 PEAUTH - ok
13:56:18.0950 1012 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
13:56:18.0965 1012 PptpMiniport - ok
13:56:19.0075 1012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
13:56:19.0075 1012 Processor - ok
13:56:19.0215 1012 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
13:56:19.0215 1012 Psched - ok
13:56:19.0355 1012 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
13:56:19.0402 1012 PxHlpa64 - ok
13:56:19.0511 1012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
13:56:19.0527 1012 ql2300 - ok
13:56:19.0636 1012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
13:56:19.0636 1012 ql40xx - ok
13:56:19.0745 1012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:56:19.0745 1012 QWAVEdrv - ok
13:56:19.0839 1012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:56:19.0839 1012 RasAcd - ok
13:56:19.0979 1012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:56:19.0979 1012 RasAgileVpn - ok
13:56:20.0120 1012 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
13:56:20.0120 1012 Rasl2tp - ok
13:56:20.0260 1012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:56:20.0260 1012 RasPppoe - ok
13:56:20.0401 1012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:56:20.0401 1012 RasSstp - ok
13:56:20.0510 1012 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
13:56:20.0510 1012 rdbss - ok
13:56:20.0619 1012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
13:56:20.0619 1012 rdpbus - ok
13:56:20.0728 1012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:56:20.0728 1012 RDPCDD - ok
13:56:20.0853 1012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:56:20.0853 1012 RDPENCDD - ok
13:56:20.0962 1012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:56:20.0962 1012 RDPREFMP - ok
13:56:21.0071 1012 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
13:56:21.0071 1012 RDPWD - ok
13:56:21.0196 1012 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
13:56:21.0212 1012 rdyboost - ok
13:56:21.0352 1012 RivaTuner64 (9b29bbd1427f71a854c2b400f3bbcf55) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
13:56:21.0383 1012 RivaTuner64 - ok
13:56:21.0524 1012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:56:21.0555 1012 rspndr - ok
13:56:21.0680 1012 RSUSBSTOR - ok
13:56:21.0820 1012 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\windows\system32\DRIVERS\Rt64win7.sys
13:56:21.0836 1012 RTL8167 - ok
13:56:21.0976 1012 RTL8187B (a36805e60282b1753c28001269d725e7) C:\windows\system32\DRIVERS\RTL8187B.sys
13:56:21.0992 1012 RTL8187B - ok
13:56:22.0132 1012 RtsUIR - ok
13:56:22.0257 1012 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
13:56:22.0257 1012 sbp2port - ok
13:56:22.0366 1012 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\windows\system32\drivers\SCDEmu.sys
13:56:22.0382 1012 SCDEmu - ok
13:56:22.0491 1012 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
13:56:22.0491 1012 scfilter - ok
13:56:22.0631 1012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:56:22.0631 1012 secdrv - ok
13:56:22.0756 1012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
13:56:22.0756 1012 Serenum - ok
13:56:22.0881 1012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
13:56:22.0912 1012 Serial - ok
13:56:23.0021 1012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
13:56:23.0021 1012 sermouse - ok
13:56:23.0146 1012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
13:56:23.0146 1012 sffdisk - ok
13:56:23.0240 1012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
13:56:23.0240 1012 sffp_mmc - ok
13:56:23.0349 1012 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
13:56:23.0349 1012 sffp_sd - ok
13:56:23.0458 1012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
13:56:23.0458 1012 sfloppy - ok
13:56:23.0630 1012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:56:23.0645 1012 SiSRaid2 - ok
13:56:23.0755 1012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
13:56:23.0770 1012 SiSRaid4 - ok
13:56:23.0895 1012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:56:23.0926 1012 Smb - ok
13:56:24.0082 1012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:56:24.0082 1012 spldr - ok
13:56:24.0254 1012 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
13:56:24.0269 1012 SRTSP - ok
13:56:24.0457 1012 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
13:56:24.0472 1012 SRTSPX - ok
13:56:24.0628 1012 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
13:56:24.0628 1012 srv - ok
13:56:24.0753 1012 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
13:56:24.0784 1012 srv2 - ok
13:56:24.0925 1012 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
13:56:24.0956 1012 srvnet - ok
13:56:25.0081 1012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
13:56:25.0081 1012 stexstor - ok
13:56:25.0221 1012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:56:25.0221 1012 swenum - ok
13:56:25.0471 1012 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
13:56:25.0486 1012 SymDS - ok
13:56:25.0720 1012 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
13:56:25.0767 1012 SymEFA - ok
13:56:25.0923 1012 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
13:56:25.0923 1012 SymEvent - ok
13:56:26.0001 1012 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
13:56:26.0017 1012 SymIRON - ok
13:56:26.0204 1012 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS
13:56:26.0204 1012 SymNetS - ok
13:56:26.0329 1012 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
13:56:26.0344 1012 SynTP - ok
13:56:26.0547 1012 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
13:56:26.0578 1012 Tcpip - ok
13:56:26.0781 1012 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
13:56:26.0797 1012 TCPIP6 - ok
13:56:26.0906 1012 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
13:56:26.0906 1012 tcpipreg - ok
13:56:27.0015 1012 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:56:27.0031 1012 tdcmdpst - ok
13:56:27.0140 1012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:56:27.0155 1012 TDPIPE - ok
13:56:27.0265 1012 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:56:27.0265 1012 TDTCP - ok
13:56:27.0374 1012 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
13:56:27.0374 1012 tdx - ok
13:56:27.0483 1012 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
13:56:27.0483 1012 TermDD - ok
13:56:27.0670 1012 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:56:27.0686 1012 tos_sps64 - ok
13:56:27.0811 1012 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
13:56:27.0811 1012 tssecsrv - ok
13:56:27.0951 1012 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
13:56:27.0951 1012 tunnel - ok
13:56:28.0060 1012 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:56:28.0076 1012 TVALZ - ok
13:56:28.0201 1012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
13:56:28.0201 1012 uagp35 - ok
13:56:28.0310 1012 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
13:56:28.0310 1012 udfs - ok
13:56:28.0435 1012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
13:56:28.0435 1012 uliagpkx - ok
13:56:28.0559 1012 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
13:56:28.0575 1012 umbus - ok
13:56:28.0684 1012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
13:56:28.0684 1012 UmPass - ok
13:56:28.0856 1012 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
13:56:28.0887 1012 USBAAPL64 - ok
13:56:29.0012 1012 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
13:56:29.0043 1012 usbaudio - ok
13:56:29.0183 1012 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
13:56:29.0199 1012 usbccgp - ok
13:56:29.0277 1012 USBCCID - ok
13:56:29.0417 1012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
13:56:29.0417 1012 usbcir - ok
13:56:29.0558 1012 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
13:56:29.0558 1012 usbehci - ok
13:56:29.0729 1012 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
13:56:29.0761 1012 usbhub - ok
13:56:29.0885 1012 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
13:56:29.0885 1012 usbohci - ok
13:56:30.0026 1012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
13:56:30.0026 1012 usbprint - ok
13:56:30.0166 1012 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
13:56:30.0197 1012 usbscan - ok
13:56:30.0322 1012 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS
13:56:30.0338 1012 USBSTOR - ok
13:56:30.0463 1012 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\DRIVERS\usbuhci.sys
13:56:30.0478 1012 usbuhci - ok
13:56:30.0603 1012 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
13:56:30.0634 1012 usbvideo - ok
13:56:30.0775 1012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
13:56:30.0790 1012 vdrvroot - ok
13:56:30.0931 1012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:56:30.0931 1012 vga - ok
13:56:31.0040 1012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:56:31.0040 1012 VgaSave - ok
13:56:31.0149 1012 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
13:56:31.0149 1012 vhdmp - ok
13:56:31.0258 1012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
13:56:31.0258 1012 viaide - ok
13:56:31.0367 1012 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
13:56:31.0367 1012 volmgr - ok
13:56:31.0477 1012 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
13:56:31.0492 1012 volmgrx - ok
13:56:31.0601 1012 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
13:56:31.0633 1012 volsnap - ok
13:56:31.0773 1012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
13:56:31.0773 1012 vsmraid - ok
13:56:31.0882 1012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys
13:56:31.0898 1012 vwifibus - ok
13:56:32.0038 1012 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:56:32.0038 1012 vwififlt - ok
13:56:32.0179 1012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
13:56:32.0179 1012 WacomPen - ok
13:56:32.0319 1012 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
13:56:32.0335 1012 WANARP - ok
13:56:32.0350 1012 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
13:56:32.0350 1012 Wanarpv6 - ok
13:56:32.0522 1012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
13:56:32.0522 1012 Wd - ok
13:56:32.0647 1012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:56:32.0647 1012 Wdf01000 - ok
13:56:32.0818 1012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:56:32.0818 1012 WfpLwf - ok
13:56:32.0927 1012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:56:32.0927 1012 WIMMount - ok
13:56:33.0115 1012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:56:33.0130 1012 WmiAcpi - ok
13:56:33.0286 1012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:56:33.0286 1012 ws2ifsl - ok
13:56:33.0458 1012 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
13:56:33.0458 1012 WudfPf - ok
13:56:33.0598 1012 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
13:56:33.0598 1012 WUDFRd - ok
13:56:33.0676 1012 MBR (0x1B8) (8a0fc4f7b021d70c614f5de2d74c557e) \Device\Harddisk0\DR0
13:56:33.0739 1012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
13:56:33.0739 1012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
13:56:33.0754 1012 Boot (0x1200) (d081f37bd3d62809c092d0aea6ad5670) \Device\Harddisk0\DR0\Partition0
13:56:33.0754 1012 \Device\Harddisk0\DR0\Partition0 - ok
13:56:33.0754 1012 ============================================================
13:56:33.0754 1012 Scan finished
13:56:33.0754 1012 ============================================================
13:56:33.0770 3812 Detected object count: 1
13:56:33.0770 3812 Actual detected object count: 1
13:56:48.0559 3812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
13:56:48.0559 3812 \Device\Harddisk0\DR0 - ok
13:56:48.0559 3812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
13:56:51.0289 3276 Deinitialize success


Combofix log:

ComboFix 12-02-09.04 - Michael 02/09/2012 17:49:30.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1415 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\3AD6C
c:\users\Michael\AppData\Roaming\3AD6C\C62D.AD6
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\d.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 22:59 . 2012-02-09 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 02:07 . 2012-01-31 02:07 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
2012-01-23 21:19 . 2012-01-23 21:19 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2012-01-23 21:19 . 2012-01-23 21:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-23 19:06 . 2012-01-23 19:18 -------- d-----w- c:\users\Michael\AppData\Local\NPE
2012-01-23 02:48 . 2012-01-23 02:48 -------- d-----w- c:\users\Michael\AppData\Local\Symantec
2012-01-23 02:46 . 2012-01-23 02:46 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-23 02:46 . 2012-01-23 02:46 -------- d-----w- c:\users\Michael\AppData\Roaming\FixTDSS
2012-01-21 17:54 . 2012-02-09 04:29 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-01-21 02:54 . 2012-02-09 02:14 -------- d-----w- c:\users\Michael\rupert.brady
2012-01-18 01:08 . 2012-01-18 01:08 -------- d-----w- c:\program files (x86)\Atari
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\users\Michael\AppData\Local\Desura
2012-01-12 19:59 . 2012-01-12 19:59 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-01-12 19:48 . 2012-01-12 19:48 -------- d-----w- c:\programdata\Desura
2012-01-12 19:48 . 2012-01-12 20:06 -------- d-----w- c:\program files (x86)\Desura
2012-01-11 16:56 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:56 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:56 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:56 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:56 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:56 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-16 19:55 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 22:48 3141632 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-23_18.28.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-25 22:37 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll
- 2010-05-23 15:35 . 2009-12-11 07:36 96768 c:\windows\SysWOW64\sspicli.dll
- 2010-05-23 15:35 . 2009-12-11 07:39 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-01-25 22:37 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll
+ 2009-12-01 04:30 . 2012-01-24 14:01 59542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-26 13:59 49764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-22 19:09 . 2012-01-26 13:59 18666 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4171711253-1730639078-1137701345-1002_UserData.bin
+ 2012-01-25 22:37 . 2011-11-17 07:11 28672 c:\windows\system32\sspisrv.dll
- 2009-07-13 23:20 . 2009-07-14 01:41 28672 c:\windows\system32\sspisrv.dll
+ 2012-01-25 22:37 . 2011-11-17 07:11 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:50 . 2009-07-14 01:41 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-01-25 22:37 . 2011-11-17 07:05 31232 c:\windows\system32\lsass.exe
+ 2012-01-31 02:07 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\NISx64\1207000.00D\srtspx64.sys
+ 2012-01-25 22:37 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys
- 2010-05-22 22:02 . 2012-01-23 11:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-22 22:02 . 2012-02-09 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-22 22:02 . 2012-02-09 22:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-22 22:02 . 2012-01-23 11:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-23 11:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-09 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-22 19:14 . 2012-01-26 13:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-22 19:14 . 2012-01-23 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-01-14 01:08 80968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-26 23:17 80968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-05-22 19:14 . 2012-01-26 13:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-22 19:14 . 2012-01-23 18:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-22 19:14 . 2012-01-26 13:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-22 19:14 . 2012-01-23 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-22 19:14 . 2012-02-09 22:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-22 19:14 . 2012-01-23 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-22 19:14 . 2012-01-23 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-22 19:14 . 2012-02-09 22:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-01 02:34 . 2012-02-01 02:34 25600 c:\windows\Installer\1c75ad88.msi
+ 2010-06-09 07:23 . 2012-01-23 19:15 3818 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-23 18:28 . 2012-01-23 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 13:57 . 2012-01-26 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 13:57 . 2012-01-26 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-23 18:28 . 2012-01-23 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-25 22:37 . 2011-11-17 05:39 314368 c:\windows\SysWOW64\webio.dll
- 2010-12-15 20:50 . 2010-10-16 04:36 314368 c:\windows\SysWOW64\webio.dll
+ 2012-01-25 22:37 . 2011-11-17 05:39 224768 c:\windows\SysWOW64\schannel.dll
+ 2012-01-23 21:14 . 2011-11-10 10:54 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-23 21:14 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-23 21:14 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\java.exe
+ 2011-02-09 18:32 . 2011-11-10 10:54 472808 c:\windows\SysWOW64\deployJava1.dll
- 2011-02-09 18:32 . 2011-02-09 18:32 472808 c:\windows\SysWOW64\deployJava1.dll
+ 2012-01-25 22:37 . 2011-11-17 07:12 395776 c:\windows\system32\webio.dll
- 2010-12-15 20:50 . 2010-10-16 05:19 395776 c:\windows\system32\webio.dll
+ 2010-05-23 15:30 . 2012-02-09 21:50 265292 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-13 23:20 . 2009-07-14 01:41 136192 c:\windows\system32\sspicli.dll
+ 2012-01-25 22:37 . 2011-11-17 07:11 136192 c:\windows\system32\sspicli.dll
+ 2012-01-25 22:37 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll
- 2010-10-14 05:39 . 2010-08-21 06:36 340992 c:\windows\system32\schannel.dll
+ 2012-01-31 02:07 . 2011-04-21 01:37 386168 c:\windows\system32\drivers\NISx64\1207000.00D\symnets.sys
+ 2012-01-31 02:07 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\NISx64\1207000.00D\symefa64.sys
+ 2012-01-31 02:07 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\NISx64\1207000.00D\symds64.sys
+ 2012-01-31 02:07 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\NISx64\1207000.00D\srtsp64.sys
+ 2012-01-31 02:07 . 2011-01-27 05:07 171128 c:\windows\system32\drivers\NISx64\1207000.00D\ironx64.sys
+ 2012-01-25 22:37 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-25 22:37 . 2011-11-17 07:15 460296 c:\windows\system32\drivers\cng.sys
+ 2009-07-14 05:12 . 2012-02-07 15:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-12-13 01:57 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-01-23 18:27 356088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-26 03:04 356088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-22 05:01 . 2009-07-22 05:01 251904 c:\windows\Installer\1114410.msi
+ 2009-07-22 05:08 . 2009-07-22 05:08 262144 c:\windows\Installer\111440b.msi
+ 2012-01-25 22:37 . 2011-11-17 07:08 1446912 c:\windows\system32\lsasrv.dll
- 2010-05-23 15:35 . 2009-12-11 09:24 1446912 c:\windows\system32\lsasrv.dll
- 2009-07-14 04:45 . 2012-01-12 18:59 3802471 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-26 14:00 3802471 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-24 07:16 . 2012-01-23 22:36 1065400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4171711253-1730639078-1137701345-1002-8192.dat
- 2010-06-24 07:16 . 2012-01-23 02:46 1065400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4171711253-1730639078-1137701345-1002-8192.dat
+ 2010-10-14 07:23 . 2012-01-26 03:04 2245208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4171711253-1730639078-1137701345-1002-12288.dat
- 2010-10-14 07:23 . 2012-01-23 18:27 2245208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4171711253-1730639078-1137701345-1002-12288.dat
+ 2009-07-14 02:34 . 2012-02-09 14:31 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-01-23 06:04 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoAQgBDAFgAUQAtAEwARABSAFoAQQAtAEIAQQBCAFAAQQAtAFMANwBSAFAATQAtAFAANgBKADYAUAA&inst=NwA2AC0ANQA1ADkANQA2ADAAOQA1ADcALQBQAEwAKwA5AC0AWABPADMANgArADEALQBVAFIAMgAwADEAMQArADMALQBOADEARAArADEA&prod=92&ver=9.0.872" [?]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 135664]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-01-12 131912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 135664]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120208.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRV11122
*Deregistered* - EraserUtilDrv11122
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 22:23]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 22:23]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 01:33]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 01:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80470&lng=en
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw=
FF - prefs.js: network.proxy.ftp - 109.123.70.47
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 109.123.70.47
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 109.123.70.47
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 109.123.70.47
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Toolbar-Locked - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f4,94,11,42,7d,c8,d5,11,56,8b,45,11,fa,7e,e5,cf,b3,29,d0,1b,c6,61,6f,
d9,bb,48,95,cb,c5,7e,74,fe,f4,03,0d,e0,df,88,26,f8,3f,e1,0e,1c,d8,ee,f1,a9,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\SecuROM\License information*]
"datasecu"=hex:90,be,aa,80,85,f6,fa,66,8d,cb,65,e4,db,09,fb,a0,8d,8c,ab,52,d7,
9b,7c,1f,0d,37,08,96,ec,e6,77,a3,71,bd,f5,95,91,8a,b5,62,6b,4c,95,b5,93,ea,\
"rkeysecu"=hex:55,10,36,b2,a7,ff,00,d3,0b,bf,39,f5,78,3e,ad,0a
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\04\0f\02&\0c?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-09 18:02:12
ComboFix-quarantined-files.txt 2012-02-09 23:02
ComboFix2.txt 2012-01-23 20:45
ComboFix3.txt 2012-01-23 18:35
.
Pre-Run: 59,259,064,320 bytes free
Post-Run: 59,086,446,592 bytes free
.
- - End Of File - - FC47B13B200018E043847D8D8F22E3BF

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 09 February 2012 - 07:25 PM

Hi,

you can delete the consrv file manually, I think. The loading point for it was removed, so the file itself should not be doing anything.

How is the PC?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 09 February 2012 - 07:55 PM

While I really do trust your advice and appreciate the help you've given me thus far, I have to ask if you are absolutely sure that it will not cause startup issues if I try to delete the file.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 10 February 2012 - 05:34 AM

Hi Pooryorick,

k, so let's check. :) The consrv.dll is part of ZeroAccess, on 64bit system, this infection loads itself by using the consrv.dll Windows value in the registry under hklm\system\ccs\control\session manager\subsystems.

So I would suggest opening Regedit (press Windows-key+R and type in regedit). Then navigate to Hkey_Local_Machine -> System->Currentcontrolset->control->session manager->Subsystems. In the right part highlight the Windows value.
If the infection is still active it will contain the string: “consrv:ConServerDllInitialization”
If the infection has been removed this string will have been replaced with: “winsrv:ConServerDllInitialization”
So if consrv is no longer in that key, the file is not being loaded.

If the Windows value still contained the consrv entry, it should be showing in the logs, however it doesn't. Which is why I think the infection is no longer active and the file can safely be deleted.

This being said, should you delete the file and the system no longer boots, this is not the end of the world. We could either use the repair environment to run startup repair and get your PC back to booting, or we could the command line of the repair environment to copy winsrv.dll to consrv.dll and the PC would be back to booting, or we could create our own bootable flash drive and copy winsrv.dll to consrv.dll from there.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 10 February 2012 - 05:09 PM

It says that I need permission from SCATES/Michael to make changes to the consrv.dll file, so I'm having trouble deleting it.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 10 February 2012 - 05:15 PM

Hi,

you need to use an elevated explorer, probably. Open Start Menu and type explorer into the search bar. Then right-click on the result and choose run as administrator. Navigate to the file and delete (or rename it to consrv.dll.old if you're still worried about deleting it, that way you can restore it later)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 10 February 2012 - 09:04 PM

When I right-clicked windows explorer in the start menu, there was no option to run as administrator. But then I opened its file location and ran it as administrator from the windows folder (the folder that the windows explorer program is located in), then tried to delete consrv.dll again and it still said I needed permission to delete it.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 PM

Posted 13 February 2012 - 04:05 PM

Hi,
let's look for that consrv.dll then:

We need to create an OTL Report
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 PoorYorick

PoorYorick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 17 February 2012 - 03:47 PM

OTL.txt

OTL logfile created on: 2/17/2012 2:38:43 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 40.89% Memory free
7.17 Gb Paging File | 5.52 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): c:\pagefile.sys 4404 4404 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 49.39 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
Drive L: | 410.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SCATES | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 13:57:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2012/02/11 13:57:56 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2012/01/30 18:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2010/07/01 20:14:03 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/11 13:57:57 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2011/10/06 14:22:06 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006/09/06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006/03/14 16:38:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/13 13:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2008/01/09 11:37:38 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2012/01/12 14:58:36 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/22 11:56:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2010/11/12 17:30:59 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/01 20:14:03 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/22 21:46:29 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/06 12:15:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/10/27 09:05:02 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 18:04:06 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/11/29 01:20:32 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/11/29 01:20:24 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/02/03 23:40:40 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 23:40:40 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/31 10:35:53 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120216.033\EX64.SYS -- (NAVEX15)
DRV - [2011/12/31 10:35:53 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120216.033\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120216.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/08/22 13:25:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62889

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62889



IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80470&lng=en
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.41
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80470&language=en&qkw="
FF - prefs.js..network.proxy.backup.ftp: "93.189.5138"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "93.189.5138"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "93.189.5138"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "109.123.70.47"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "109.123.70.47"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.123.70.47"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "109.123.70.47"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/16 12:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2 [2012/02/17 03:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2012/02/11 13:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2012/01/23 16:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/17 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/17 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B0BA5CF0-CFD3-44B9-8185-5D18EA43C961}: C:\Users\Michael\AppData\Local\{B0BA5CF0-CFD3-44B9-8185-5D18EA43C961}\ [2011/05/16 00:27:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EC41717B-855C-445D-810C-EF497A5A2BC3}: C:\Users\Michael\AppData\Local\{EC41717B-855C-445D-810C-EF497A5A2BC3} [2011/05/16 01:22:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{383586D1-AE53-42C9-8FB3-B9EA3279C359}: C:\Users\Michael\AppData\Local\{383586D1-AE53-42C9-8FB3-B9EA3279C359} [2011/05/16 11:45:50 | 000,000,000 | ---D | M]

[2010/07/01 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/02/17 10:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions
[2010/09/04 21:31:30 | 000,000,000 | ---D | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/01/15 14:48:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/02/17 10:04:51 | 000,000,000 | ---D | M] (Softonic English FF Community Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}
[2011/06/24 13:59:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\battlefieldheroespatcher@ea.com
[2011/03/24 10:25:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\engine@conduit.com
[2011/08/14 21:47:50 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\extensions\plugin@yontoo.com
[2011/03/02 11:50:57 | 000,002,292 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\searchplugins\inbox-search.xml
[2011/06/27 09:27:59 | 000,002,470 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ngthd437.default\searchplugins\safesearch.xml
[2011/03/24 10:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/09 13:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGTHD437.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011/04/30 10:14:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/09 13:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/27 16:23:38 | 000,081,920 | ---- | M] (Kaneva, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\npkanevapatch.dll
[2010/12/07 17:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Kaneva WOK Patch Plugin for Mozilla 3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npkanevapatch.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\2_0\
CHR - Extension: Angry Birds = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Brushed = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: 3D Solar System Web = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.21_0\
CHR - Extension: Google Books = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.0.0.0_0\
CHR - Extension: Yontoo Layers = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\

O1 HOSTS File: ([2012/02/09 17:59:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4171711253-1730639078-1137701345-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA49B850-3E3B-4441-877C-44402FE23A03}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 13:09:26 | 004,388,468 | ---- | C] (Swearware) -- C:\Users\Michael\Desktop\combofix.exe
[2012/02/16 14:04:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/02/16 14:03:51 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/02/16 14:03:51 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/02/16 14:03:39 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/02/16 14:03:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/02/16 14:03:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/02/16 14:03:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/16 14:03:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/02/16 14:03:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/16 14:03:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/16 14:03:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/16 14:03:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/02/16 14:03:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/02/16 14:03:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/02/16 14:03:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/02/16 14:03:26 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/16 14:03:26 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/16 14:03:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/02/16 14:03:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/02/11 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lionhead Studios
[2012/02/11 12:12:48 | 000,000,000 | ---D | C] -- C:\Games
[2012/02/10 17:05:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/09 18:02:15 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/30 18:19:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/01/25 17:37:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/25 17:37:32 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/25 17:37:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/25 17:37:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/25 17:37:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/25 17:37:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/23 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/01/23 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/23 16:14:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/01/23 16:14:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/01/23 16:14:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/01/23 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\NPE
[2012/01/23 13:54:13 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2012/01/23 13:14:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/23 13:14:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/23 13:14:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/23 13:06:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/23 12:34:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Symantec
[2012/01/22 21:46:29 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/01/22 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FixTDSS
[2012/01/22 09:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/01/21 12:54:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2012/01/21 12:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2012/01/20 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\rupert.brady
[2011/02/09 15:14:29 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxinpa.dll
[2011/02/09 15:14:29 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxiesc.dll
[2011/02/09 15:14:28 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpmui.dll
[2011/02/09 15:14:26 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxusb1.dll
[2011/02/09 15:14:25 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxserv.dll
[2011/02/09 15:14:25 | 000,176,128 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxppls.exe
[2011/02/09 15:14:25 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxprox.dll
[2011/02/09 15:14:24 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxlmpm.dll
[2011/02/09 15:14:24 | 000,380,928 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxih.exe
[2011/02/09 15:14:24 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxpplc.dll
[2011/02/09 15:14:23 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxhbn3.dll
[2011/02/09 15:14:23 | 000,532,480 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcoms.exe
[2011/02/09 15:14:23 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomm.dll
[2011/02/09 15:14:22 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcomc.dll
[2011/02/09 15:14:22 | 000,381,832 | ---- | C] ( ) -- C:\windows\SysWow64\dlcxcfg.exe
[2 C:\Users\Michael\Documents\*.tmp files -> C:\Users\Michael\Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 14:39:15 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 14:23:01 | 000,000,916 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002UA.job
[2012/02/17 13:09:26 | 004,388,468 | ---- | M] (Swearware) -- C:\Users\Michael\Desktop\combofix.exe
[2012/02/17 03:39:27 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 03:39:27 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 03:29:59 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 03:28:52 | 000,368,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/02/17 03:28:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/17 03:28:32 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 03:06:17 | 000,876,084 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/17 03:06:17 | 000,720,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/17 03:06:17 | 000,141,882 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/16 23:28:25 | 000,002,425 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/02/16 15:22:00 | 000,000,864 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4171711253-1730639078-1137701345-1002Core.job
[2012/02/16 14:02:51 | 001,926,370 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1207000.00D\Cat.DB
[2012/02/16 12:47:50 | 000,002,500 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/09 17:59:21 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/01/30 18:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/01/29 23:31:42 | 000,071,583 | ---- | M] () -- C:\Users\Michael\H_Hoffmann_Struwwel_08.jpg
[2012/01/27 23:52:38 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1207000.00D\isolate.ini
[2012/01/26 11:25:20 | 000,002,184 | ---- | M] () -- C:\{51031483-293D-42C8-97D6-832005BA515E}
[2012/01/23 22:59:48 | 000,002,408 | ---- | M] () -- C:\{731EBAC0-5877-418D-AF80-78C9D8E61AE9}
[2012/01/23 19:22:32 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2012/01/23 16:19:04 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:09:42 | 000,002,288 | ---- | M] () -- C:\{5BF2E184-A334-4638-B275-88BCF5F7E0C1}
[2012/01/23 15:08:26 | 000,002,184 | ---- | M] () -- C:\{81429BF0-30FA-4176-957E-B693FFB8B6A5}
[2012/01/23 13:53:40 | 002,035,725 | ---- | M] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2012/01/22 21:51:13 | 000,002,840 | ---- | M] () -- C:\{EF2EDFF6-2BD5-43B7-A309-E332E654955A}
[2012/01/22 21:46:29 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/01/22 09:25:51 | 000,002,331 | ---- | M] () -- C:\Users\Public\Desktop\Harry Potter and the Half-Blood Prince™.lnk
[2012/01/21 13:26:13 | 000,000,241 | ---- | M] () -- C:\windows\QQPlayer.INI
[2012/01/21 12:57:15 | 000,000,978 | ---- | M] () -- C:\Users\Michael\Desktop\KMPlayer.lnk
[2012/01/19 13:10:18 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2 C:\Users\Michael\Documents\*.tmp files -> C:\Users\Michael\Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 22:29:20 | 000,071,583 | ---- | C] () -- C:\Users\Michael\H_Hoffmann_Struwwel_08.jpg
[2012/01/26 11:25:20 | 000,002,184 | ---- | C] () -- C:\{51031483-293D-42C8-97D6-832005BA515E}
[2012/01/23 22:59:48 | 000,002,408 | ---- | C] () -- C:\{731EBAC0-5877-418D-AF80-78C9D8E61AE9}
[2012/01/23 19:22:32 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2012/01/23 16:19:04 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 15:09:41 | 000,002,288 | ---- | C] () -- C:\{5BF2E184-A334-4638-B275-88BCF5F7E0C1}
[2012/01/23 15:08:25 | 000,002,184 | ---- | C] () -- C:\{81429BF0-30FA-4176-957E-B693FFB8B6A5}
[2012/01/23 13:53:29 | 002,035,725 | ---- | C] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2012/01/23 13:14:49 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/23 13:14:49 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/23 13:14:49 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/23 13:14:49 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/23 13:14:49 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/22 21:51:10 | 000,002,840 | ---- | C] () -- C:\{EF2EDFF6-2BD5-43B7-A309-E332E654955A}
[2012/01/22 09:25:50 | 000,002,331 | ---- | C] () -- C:\Users\Public\Desktop\Harry Potter and the Half-Blood Prince™.lnk
[2012/01/21 12:54:22 | 000,000,978 | ---- | C] () -- C:\Users\Michael\Desktop\KMPlayer.lnk
[2011/12/18 11:07:03 | 000,007,627 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2011/11/17 15:46:33 | 000,157,196 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/11/14 12:08:18 | 000,000,174 | ---- | C] () -- C:\windows\game.ini
[2011/07/09 14:41:25 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/05/07 22:09:46 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/02/09 15:14:29 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\dlcxinst.dll
[2011/02/09 15:14:29 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\dlcxjswr.dll
[2011/02/09 15:14:28 | 000,454,656 | ---- | C] () -- C:\windows\SysWow64\dlcxutil.dll
[2011/02/09 15:14:28 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dlcxinsr.dll
[2011/02/09 15:14:28 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dlcxcur.dll
[2011/02/09 15:14:27 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxinsb.dll
[2011/02/09 15:14:27 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcxins.dll
[2011/02/09 15:14:27 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dlcxcub.dll
[2011/02/09 15:14:26 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\dlcxcu.dll
[2011/02/09 15:14:21 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\DLCXcfg.dll
[2010/12/05 18:39:54 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2010/11/15 21:08:38 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/13 12:36:32 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2010/10/12 17:17:41 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/09/25 14:55:51 | 000,000,241 | ---- | C] () -- C:\windows\QQPlayer.INI
[2010/09/17 12:17:05 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2010/07/04 19:34:05 | 000,011,264 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 20:14:04 | 000,215,016 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/07/01 20:14:03 | 002,427,248 | ---- | C] () -- C:\windows\SysWow64\pbsvc_heroes.exe
[2010/07/01 20:14:03 | 000,075,064 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010/06/18 18:46:09 | 000,000,654 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010/05/25 12:05:35 | 000,877,690 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/04/20 04:17:02 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/08/27 10:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/08/27 10:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/08/27 10:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/08/27 10:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006/10/01 22:03:07 | 000,108,032 | ---- | C] () -- C:\windows\SysWow64\gc.dll
[2003/04/08 22:28:44 | 000,233,472 | R--- | C] () -- C:\windows\SysWow64\MafiaSetup.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: CONSRV.DLL >
[2009/07/13 20:39:46 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\windows\SysNative\consrv.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users