
Infected with Sirefef & Alureon now computer fails to start


This topic is locked
13 replies to this topic

#1 glennordway (Members, 7 posts)

Posted 05 April 2012 - 07:29 PM

Hello,

I am having issues that I can't seem to overcome and am looking for assistance with them.

My brother-in-law asked me to try and remove the "System Check" virus/malware, and after following your guide, Remove System Check (Uninstall Guide) (which worked great to remove the "System Check" issue), I installed Microsoft Security Essentials, which I have used on all my machines with no issues so far. It found both the Alureon and Sirefef rootkits. After restarting the computer, it failed to start. Possibly it deleted files necessary for Windows to work properly.

Nonetheless, I am stuck and am not sure what can be done to restore the PC at this point. If anyone can assist me, it would be greatly appreciated.

Thanks in Advance,

Glenn


Windows 7 64-bit OS, in case this is needed.

I tried to do a system restore to no avail and came up with the following log:



Problem Signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200879
Problem Signature 05: AutoFailover
Problem Signature 06: 3
Problem Signature 07: NoRootCause
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033


Then I got this log as well:


Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 4/5/2012 1:18:17 AM (GMT)
Number of repair attempts: 3

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 32 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 202 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 266 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 124 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 63 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Setup state check
Result: Completed successfully. Error code = 0x0
Time taken = 608 ms

Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code = 0x0
Time taken = 3542 ms

Test Performed:
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code = 0x0
Time taken = 1232 ms

Test Performed:
---------------------------
Name: Access control test
Result: Completed successfully. Error code = 0x0
Time taken = 30327 ms

Test Performed:
---------------------------
Name: File system test (chkdsk)
Result: Completed successfully. Error code = 0x0
Time taken = 109434 ms

Test Performed:
---------------------------
Name: Software installation log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Fallback diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Root cause found:
---------------------------
Unspecified changes to system configuration might have caused the problem.

Repair action: System Restore
Result: Failed. Error code = 0x1f
Time taken = 2382089 ms

Repair action: System files integrity check and repair
Result: Failed. Error code = 0x490
Time taken = 1040168 ms

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 32 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 187 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 234 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 32 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Setup state check
Result: Completed successfully. Error code = 0x0
Time taken = 546 ms

Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code = 0x0
Time taken = 3525 ms

Test Performed:
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code = 0x0
Time taken = 1233 ms

Test Performed:
---------------------------
Name: Access control test
Result: Completed successfully. Error code = 0x0
Time taken = 30436 ms

Test Performed:
---------------------------
Name: File system test (chkdsk)
Result: Completed successfully. Error code = 0x0
Time taken = 11793 ms

Root cause found:
---------------------------
System volume on disk is corrupt.

Repair action: File system repair (chkdsk)
Result: Completed successfully. Error code = 0x0
Time taken = 105519 ms

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 187 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 250 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 124 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Compl



Then, based on other posts I came across, I ran Farbar Recovery Scan Tool x64 and followed the instructions in this post. Here is the FRST log as well.



Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 05-04-2012 20:11:22
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [166424 2009-11-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [390168 2009-11-13] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [408600 2009-11-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Comcast_McciTrayApp] "C:\Program Files\Comcast\pcTrayApp.exe" [2727936 2012-01-18] (Alcatel-Lucent)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [x]
HKLM-x32\...\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions [598016 2009-11-19] (Teleca Sweden AB)
HKLM-x32\...\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [104408 2010-08-05] (PC Tools)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [80448 2010-12-15] (ArcSoft, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2007-08-16] (Sonic Solutions)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-05-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [353728 2011-06-17] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray [6515784 2009-11-06] (Webroot Software, Inc.)
HKU\fatty\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-11] (Google Inc.)
HKU\fatty\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\fatty\...\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [1589208 2009-08-19] ()
HKU\fatty\...\Run: [BIBLauncher] "C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe" [858080 2011-02-21] ()
HKU\fatty\...\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" [9728 2009-07-13] (Microsoft Corporation)
HKU\fatty\...\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [5486464 2012-01-18] (SUPERAntiSpyware.com)
HKU\fatty\...\Run: [DownloadManager] "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as [612352 2012-02-21] (DownloadManager)
HKLM\...\Runonce: [NCInstallQueue] "rundll32" netman.dll,ProcessQueue [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-10-02] (Intel Corporation)
2 ITMRTSVC; "C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe" [283912 2007-09-26] (CA, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1 [132984 2009-08-28] (Symantec Corporation)
2 pcCMService; "C:\Program Files (x86)\Common Files\Motive\pcCMService.exe" [361472 2012-01-18] (Alcatel-Lucent)
2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-01-18] (Alcatel-Lucent)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
2 ppdrv; C:\windows\system32\svchost.exe -k ppdrv [27136 2009-07-13] (Microsoft Corporation)
2 ppdrv; C:\windows\SysWow64\svchost.exe -k ppdrv [20992 2009-07-13] (Microsoft Corporation)
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [1000896 2011-06-17] (Cyber Power Systems, Inc.)
2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
2 SPCSUtilityService; "C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe" [131072 2007-04-02] (Sprint Spectrum, L.L.C)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [531520 2009-10-21] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe" [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
2 WRConsumerService; "C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe" [1201640 2010-05-16] (Webroot Software, Inc. )

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\SysWow64\Drivers\Afc.sys [22784 2006-11-14] (Arcsoft, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [641584 2009-08-29] (Symantec Corporation)
1 ccHP; C:\Windows\System32\drivers\NISx64\1100000.088\ccHPx64.sys [615040 2009-08-24] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-08-29] (Symantec Corporation)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [467504 2009-08-29] (Symantec Corporation)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\drivers\NISx64\1100000.088\SRTSP64.SYS [504880 2009-08-29] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1100000.088\SRTSPX64.SYS [32304 2009-08-29] (Symantec Corporation)
0 ssfs0bbc; C:\Windows\System32\Drivers\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1100000.088\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1100000.088\SYMEFA64.SYS [217136 2009-08-29] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2011-07-23] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1100000.088\Ironx64.SYS [146992 2009-08-29] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\drivers\NISx64\1100000.088\SYMTDIV.SYS [450608 2009-08-29] (Symantec Corporation)
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-05 20:11 - 2012-04-05 20:11 - 0000000 ____D C:\FRST
2012-04-04 17:25 - 2012-04-04 23:45 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-04 17:08 - 2012-04-04 17:08 - 0000000 ____D C:\Users\fatty\AppData\Local\{9D5A2A97-EB3F-47BA-99F8-9B286618C4CC}
2012-04-04 16:44 - 2012-04-04 16:54 - 0002126 ____A C:\Users\fatty\Desktop\unhide.txt
2012-04-04 15:22 - 2012-04-04 23:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Malwarebytes
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-04 15:20 - 2012-04-04 15:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-04 15:18 - 2012-04-04 15:21 - 0142654 ____A C:\TDSSKiller.2.7.24.0_04.04.2012_19.18.05_log.txt
2012-04-04 15:17 - 2012-04-04 15:17 - 0000361 ____A C:\rkill.log
2012-04-04 15:16 - 2012-04-02 17:43 - 0000091 ____A C:\Users\fatty\Desktop\Remove System Check (Uninstall Guide).url
2012-04-02 15:31 - 2012-04-02 15:31 - 0000000 ____D C:\Users\fatty\AppData\Local\{672DA243-7D71-443F-9A8D-E0C7D8C7D0E9}
2012-03-29 06:37 - 2012-03-29 06:37 - 0000000 ____D C:\Users\fatty\AppData\Local\{5C1A0A92-FBD8-430F-BE65-0B6AA581FAC1}
2012-03-29 06:12 - 2012-03-29 06:12 - 0000000 ____D C:\Users\fatty\AppData\Local\{C1471A13-C7B4-4FDD-AC22-6DA55D08E3E4}
2012-03-29 05:53 - 2012-03-29 05:53 - 0000000 ____D C:\Users\fatty\AppData\Local\{74EFAD48-BA1F-4D14-95E6-B1F96BFE5194}
2012-03-29 05:05 - 2012-04-04 23:45 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-03-29 05:05 - 2012-03-29 05:05 - 0000000 ____D C:\ProgramData\!SASCORE
2012-03-29 04:02 - 2012-03-29 04:02 - 0000336 ____A C:\Users\All Users\QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000336 ____A C:\ProgramData\QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000264 ____A C:\Users\All Users\~QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000264 ____A C:\ProgramData\~QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000168 ____A C:\Users\All Users\~QM6YB1CsgspHZFr
2012-03-29 04:02 - 2012-03-29 04:02 - 0000168 ____A C:\ProgramData\~QM6YB1CsgspHZFr
2012-03-29 03:50 - 2012-03-29 03:50 - 0000000 ____D C:\Windows\system64
2012-03-26 07:46 - 2012-03-26 07:46 - 0832691 ____A C:\Users\fatty\Downloads\IMAG1218.jpg
2012-03-19 05:12 - 2012-03-19 05:12 - 0000000 ____D C:\Users\fatty\AppData\Local\{FC0EAF3D-9F77-4969-A3FE-56B2F38E5C87}
2012-03-18 05:57 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-18 05:57 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-18 05:57 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-15 06:49 - 2012-03-15 06:49 - 0016976 ____A C:\Users\fatty\Documents\Christian Resume JWB Investment advisor rendition.docx
2012-03-13 13:05 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 13:05 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 13:05 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 09:37 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 09:37 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 09:37 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 09:37 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 09:37 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 09:37 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 09:37 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 03:26 - 2012-03-13 03:26 - 0465900 ____A C:\Users\fatty\Downloads\IMAG1176.jpg
2012-03-13 03:26 - 2012-03-13 03:26 - 0464199 ____A C:\Users\fatty\Downloads\IMAG1174.jpg
2012-03-13 03:26 - 2012-03-13 03:26 - 0387638 ____A C:\Users\fatty\Downloads\IMAG1175.jpg
2012-03-12 06:25 - 2012-03-12 06:26 - 0000000 ____D C:\Users\fatty\AppData\Local\{1A2D731F-CEB7-4EBB-B2A4-C962E3C43381}
2012-03-12 06:25 - 2012-03-12 06:25 - 0000000 ____D C:\Users\fatty\AppData\Local\{9074DFD9-D9B5-4E8C-891E-A8EEAADF6AA8}

============ 3 Months Modified Files and Folders =============

2012-04-05 20:11 - 2012-04-05 20:11 - 0000000 ____D C:\FRST
2012-04-04 23:49 - 2012-02-06 06:39 - 0000000 ____D C:\Program Files\Common Files\Motive
2012-04-04 23:49 - 2011-11-08 09:34 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-04 23:49 - 2010-05-15 14:47 - 0000000 ____D C:\users\fatty
2012-04-04 23:49 - 2009-12-11 22:19 - 0000000 ____D C:\Program Files\PlayReady
2012-04-04 23:48 - 2011-07-01 09:32 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-04 23:48 - 2011-07-01 09:30 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-04 23:48 - 2010-12-12 18:05 - 0000000 ____D C:\Windows\Minidump
2012-04-04 23:48 - 2010-09-29 09:34 - 0000000 ____D C:\Windows\Sierra
2012-04-04 23:48 - 2010-09-13 16:23 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-04 23:48 - 2010-01-22 13:03 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\tr
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\sv
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\sk
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\ru
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\pt
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\pl
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\no
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\nl
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\it
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\hu
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\fr
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\fi
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\es
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\el
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\de
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\da
2012-04-04 23:48 - 2010-01-22 12:59 - 0000000 ____D C:\Windows\System32\cs
2012-04-04 23:48 - 2010-01-22 12:50 - 0000000 ____D C:\Windows\SysWOW64\sda
2012-04-04 23:48 - 2010-01-22 12:48 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-04 23:48 - 2009-12-11 22:27 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-04 23:48 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-04-04 23:48 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-04 23:48 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-04-04 23:48 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-04 23:48 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-04 23:48 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-04 23:48 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-04 23:48 - 2009-07-13 20:45 - 0000000 ___AD C:\Windows\Setup
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ___AD C:\Windows\System32\sysprep
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Recovery
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-04 23:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-04 23:47 - 2012-02-21 09:05 - 0000000 ____D C:\Users\fatty\AppData\Local\DownloadManager
2012-04-04 23:47 - 2012-02-06 06:42 - 0000000 ____D C:\Program Files\Comcast
2012-04-04 23:47 - 2012-02-02 07:07 - 0000000 ____D C:\Windows\en
2012-04-04 23:47 - 2012-02-02 07:04 - 0000000 ____D C:\Program Files\Windows Live
2012-04-04 23:47 - 2012-01-16 17:00 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-04 23:47 - 2012-01-16 16:55 - 0000000 ____D C:\Users\All Users\eSellerate
2012-04-04 23:47 - 2012-01-16 16:55 - 0000000 ____D C:\ProgramData\eSellerate
2012-04-04 23:47 - 2012-01-05 09:34 - 0000000 ____D C:\Users\All Users\Brother
2012-04-04 23:47 - 2012-01-05 09:34 - 0000000 ____D C:\ProgramData\Brother
2012-04-04 23:47 - 2011-11-08 09:35 - 0000000 ____D C:\Users\fatty\AppData\Roaming\SUPERAntiSpyware.com
2012-04-04 23:47 - 2011-10-29 11:50 - 0000000 ____D C:\Windows\hpoj4500g510a-f
2012-04-04 23:47 - 2011-07-23 09:59 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-04 23:47 - 2011-06-07 14:36 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-04-04 23:47 - 2011-06-07 14:36 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-04-04 23:47 - 2011-06-07 14:35 - 0000000 ____D C:\Users\All Users\HP
2012-04-04 23:47 - 2011-06-07 14:35 - 0000000 ____D C:\ProgramData\HP
2012-04-04 23:47 - 2011-06-07 14:34 - 0000000 ____D C:\Users\fatty\AppData\Local\HP
2012-04-04 23:47 - 2011-06-03 07:10 - 0000000 ____D C:\Program Files\SmartFTP Client
2012-04-04 23:47 - 2011-05-02 07:37 - 0000000 ____D C:\Program Files\Roxio
2012-04-04 23:47 - 2011-02-15 23:28 - 0000000 ____D C:\Users\fatty\Downloads\PhotoshopPortable
2012-04-04 23:47 - 2011-02-11 10:34 - 0000000 ____D C:\Users\fatty\Desktop\PhotoshopPortable
2012-04-04 23:47 - 2011-02-11 09:58 - 0000000 ____D C:\Program Files (x86)\uTorrentBar
2012-04-04 23:47 - 2011-02-11 09:56 - 0000000 ____D C:\Users\fatty\AppData\Roaming\uTorrent
2012-04-04 23:47 - 2011-01-25 18:47 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-04 23:47 - 2011-01-25 18:47 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-04 23:47 - 2011-01-25 18:47 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-04 23:47 - 2011-01-25 18:46 - 0000000 ____D C:\Users\All Users\Apple
2012-04-04 23:47 - 2011-01-25 18:46 - 0000000 ____D C:\ProgramData\Apple
2012-04-04 23:47 - 2011-01-25 11:48 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-04 23:47 - 2011-01-25 11:48 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-04-04 23:47 - 2010-12-20 09:40 - 0000000 ____D C:\Program Files (x86)\xfinitytb
2012-04-04 23:47 - 2010-08-18 13:34 - 0000000 ____D C:\Users\fatty\AppData\Roaming\ArcSoft
2012-04-04 23:47 - 2010-07-17 09:06 - 0000000 ____D C:\Program Files\Best Buy Software Installer
2012-04-04 23:47 - 2010-07-17 09:05 - 0000000 __HDC C:\Users\All Users\{52FD7279-AB6C-4868-9409-1842DECDABD3}
2012-04-04 23:47 - 2010-07-17 09:05 - 0000000 __HDC C:\ProgramData\{52FD7279-AB6C-4868-9409-1842DECDABD3}
2012-04-04 23:47 - 2010-06-21 07:49 - 0000000 ____D C:\Users\All Users\Real
2012-04-04 23:47 - 2010-06-21 07:49 - 0000000 ____D C:\ProgramData\Real
2012-04-04 23:47 - 2010-05-15 14:56 - 0000000 ____D C:\Users\fatty\AppData\Local\Best_Buy
2012-04-04 23:47 - 2010-05-15 14:48 - 0000000 ____D C:\Users\fatty\AppData\Local\VirtualStore
2012-04-04 23:47 - 2010-01-22 13:03 - 0000000 ____D C:\Users\All Users\Norton
2012-04-04 23:47 - 2010-01-22 13:03 - 0000000 ____D C:\ProgramData\Norton
2012-04-04 23:47 - 2010-01-22 13:02 - 0000000 ____D C:\Users\All Users\InstallShield
2012-04-04 23:47 - 2010-01-22 13:02 - 0000000 ____D C:\ProgramData\InstallShield
2012-04-04 23:47 - 2010-01-22 12:50 - 0000000 ____D C:\Program Files\Synaptics
2012-04-04 23:47 - 2010-01-22 12:48 - 0000000 ____D C:\Program Files\Realtek
2012-04-04 23:47 - 2010-01-22 12:30 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-04 23:47 - 2010-01-22 12:30 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-04 23:47 - 2009-12-11 22:32 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-04 23:47 - 2009-12-11 22:22 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-04 23:47 - 2009-12-11 22:22 - 0000000 ____D C:\Program Files\TOSHIBA
2012-04-04 23:47 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-04 23:47 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-04 23:47 - 2009-07-13 21:08 - 0000000 ____D C:\users\Administrator
2012-04-04 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-04 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-04 23:46 - 2012-02-21 09:05 - 0000000 ____D C:\Program Files (x86)\Download Manager
2012-04-04 23:46 - 2012-02-21 09:05 - 0000000 ____D C:\Program Files (x86)\alotappbar
2012-04-04 23:46 - 2012-02-06 06:41 - 0000000 ____D C:\Program Files (x86)\Comcast
2012-04-04 23:46 - 2012-01-16 16:54 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-04 23:46 - 2012-01-16 16:52 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-04 23:46 - 2012-01-16 16:17 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-04-04 23:46 - 2011-12-20 09:25 - 0000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2012-04-04 23:46 - 2011-07-04 12:33 - 0000000 ____D C:\Program Files (x86)\Business-in-a-Box
2012-04-04 23:46 - 2011-06-24 10:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 23:46 - 2011-06-07 14:37 - 0000000 ____D C:\Program Files (x86)\Bing Bar Installer
2012-04-04 23:46 - 2011-06-07 14:36 - 0000000 ____D C:\Program Files (x86)\HP Photo Creations
2012-04-04 23:46 - 2011-06-07 14:36 - 0000000 ____D C:\Program Files (x86)\Coupons
2012-04-04 23:46 - 2011-06-07 14:35 - 0000000 ____D C:\Program Files (x86)\HP
2012-04-04 23:46 - 2011-06-03 07:09 - 0000000 ____D C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-04-04 23:46 - 2011-02-11 09:58 - 0000000 ____D C:\Program Files (x86)\ConduitEngine
2012-04-04 23:46 - 2011-02-11 09:58 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-04 23:46 - 2010-12-20 09:36 - 0000000 ____D C:\Program Files (x86)\support.com
2012-04-04 23:46 - 2010-10-21 08:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-04-04 23:46 - 2010-10-21 08:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-04 23:46 - 2010-09-29 09:35 - 0000000 ____D C:\Program Files (x86)\Sierra Wireless
2012-04-04 23:46 - 2010-09-13 19:24 - 0000000 ____D C:\Program Files (x86)\Registry Mechanic
2012-04-04 23:46 - 2010-09-10 05:38 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2012-04-04 23:46 - 2010-09-10 05:38 - 0000000 ____D C:\Program Files (x86)\HTC
2012-04-04 23:46 - 2010-06-21 07:49 - 0000000 ____D C:\Program Files (x86)\Real
2012-04-04 23:46 - 2010-05-16 18:54 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-04-04 23:46 - 2010-05-16 18:53 - 0000000 ____D C:\Program Files (x86)\MSSOAP
2012-04-04 23:46 - 2010-01-22 13:03 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-04-04 23:46 - 2010-01-22 13:02 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-04-04 23:46 - 2010-01-22 12:51 - 0000000 ____D C:\Program Files (x86)\Realtek WLAN Driver
2012-04-04 23:46 - 2010-01-22 12:41 - 0000000 ____D C:\Intel
2012-04-04 23:46 - 2010-01-22 12:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-04-04 23:46 - 2010-01-22 12:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-04 23:46 - 2010-01-22 12:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-04 23:46 - 2009-12-11 22:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-04 23:46 - 2009-12-11 22:27 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-04 23:46 - 2009-12-11 22:24 - 0000000 ____D C:\Program Files (x86)\TOSHIBA
2012-04-04 23:46 - 2009-12-11 22:22 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-04 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-04 23:45 - 2012-04-04 17:25 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-04 23:45 - 2012-04-04 15:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 23:45 - 2012-03-29 05:05 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-04-04 23:45 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-04 23:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-04 23:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-04 23:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-04 23:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-04 23:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-04 23:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-04 23:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-04 23:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-04 23:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-04 23:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-04 23:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-04 23:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-04 23:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-04 23:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-04 23:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-04 23:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-04 23:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-04 23:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-04 23:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-04 23:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-04 23:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-04 23:38 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-04 23:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-04 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-04 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-04 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-04 23:27 - 2011-06-07 14:37 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Mozilla
2012-04-04 23:27 - 2011-02-24 09:09 - 0000000 ____D C:\Users\fatty\Documents\Fax
2012-04-04 23:27 - 2010-06-21 07:49 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Real
2012-04-04 23:27 - 2010-05-15 14:51 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Roxio
2012-04-04 23:27 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-04 23:26 - 2012-01-16 16:59 - 0000000 ____D C:\Users\fatty\AppData\Roaming\CyberLink
2012-04-04 23:26 - 2011-06-27 13:58 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Adobe
2012-04-04 23:26 - 2011-06-24 10:32 - 0000000 ____D C:\Users\fatty\AppData\Local\Mozilla
2012-04-04 23:26 - 2010-05-16 19:35 - 0000000 ____D C:\Users\fatty\AppData\Local\TOSHIBA_Corporation
2012-04-04 23:26 - 2010-05-15 14:47 - 0000000 ____D C:\Users\fatty\AppData\LocalLow
2012-04-04 23:25 - 2012-01-16 16:57 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-04 23:25 - 2012-01-16 16:57 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-04 23:25 - 2011-12-06 12:49 - 0000000 ____D C:\Users\fatty\AppData\Local\Facebook
2012-04-04 23:25 - 2010-09-09 12:15 - 0000000 ____D C:\Users\fatty\AppData\Local\Downloaded Installations
2012-04-04 23:25 - 2010-08-18 13:36 - 0000000 ___HD C:\Users\All Users\ArcSoft
2012-04-04 23:25 - 2010-08-18 13:36 - 0000000 ___HD C:\ProgramData\ArcSoft
2012-04-04 23:25 - 2010-06-12 13:04 - 0000000 ____D C:\Users\fatty\AppData\Local\Microsoft Games
2012-04-04 23:25 - 2010-05-16 18:53 - 0000000 ____D C:\Users\All Users\Webroot
2012-04-04 23:25 - 2010-05-16 18:53 - 0000000 ____D C:\ProgramData\Webroot
2012-04-04 23:25 - 2010-05-15 14:51 - 0000000 ____D C:\Users\fatty\AppData\Local\Google
2012-04-04 23:25 - 2010-01-22 13:02 - 0000000 ____D C:\Users\All Users\Uninstall
2012-04-04 23:25 - 2010-01-22 13:02 - 0000000 ____D C:\ProgramData\Uninstall
2012-04-04 23:25 - 2009-12-11 22:27 - 0000000 ____D C:\Users\All Users\Toshiba
2012-04-04 23:25 - 2009-12-11 22:27 - 0000000 ____D C:\Users\All Users\Google
2012-04-04 23:25 - 2009-12-11 22:27 - 0000000 ____D C:\ProgramData\Toshiba
2012-04-04 23:25 - 2009-12-11 22:27 - 0000000 ____D C:\ProgramData\Google
2012-04-04 23:25 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-04 23:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-04 23:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-04 23:22 - 2012-01-16 16:32 - 0000000 ____D C:\Program Files\CyberLink
2012-04-04 23:22 - 2011-06-07 14:34 - 0000000 ____D C:\Program Files\HP
2012-04-04 23:22 - 2010-01-22 13:00 - 0000000 ____D C:\Program Files\Dolby
2012-04-04 23:22 - 2010-01-22 12:31 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-04 23:22 - 2009-12-11 22:27 - 0000000 ____D C:\Program Files\Google
2012-04-04 23:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-04 23:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-04 23:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-04 23:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-04 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-04 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-04 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-04 23:20 - 2012-01-16 16:55 - 0000000 ____D C:\Program Files (x86)\SmartSound Software
2012-04-04 23:20 - 2010-09-29 09:35 - 0000000 ____D C:\Program Files (x86)\Sprint
2012-04-04 23:20 - 2010-05-16 18:53 - 0000000 ____D C:\Program Files (x86)\Webroot
2012-04-04 23:20 - 2010-01-22 12:48 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-04 23:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-04 23:19 - 2010-01-22 13:02 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-04 23:19 - 2009-12-11 22:34 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-04 23:18 - 2010-08-18 13:35 - 0000000 ____D C:\Program Files (x86)\Kodak
2012-04-04 23:18 - 2009-12-11 22:22 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-04 23:18 - 2009-12-11 22:19 - 0000000 ____D C:\Program Files (x86)\Intel
2012-04-04 23:17 - 2012-01-16 16:34 - 0000000 ____D C:\Program Files (x86)\Cyberlink
2012-04-04 23:16 - 2011-08-25 14:56 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-04-04 23:16 - 2010-12-20 09:42 - 0000000 ____D C:\Program Files (x86)\comcasttb
2012-04-04 23:16 - 2010-12-20 09:42 - 0000000 ____D C:\Program Files (x86)\CA
2012-04-04 23:15 - 2011-02-11 09:58 - 0000000 ____D C:\extensions
2012-04-04 23:15 - 2010-09-13 07:13 - 0000000 ____D C:\Program Files (x86)\Axis Communications
2012-04-04 23:15 - 2010-07-23 06:47 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-04 23:15 - 2010-01-22 12:30 - 0000000 __RHD C:\MSOCache
2012-04-04 18:15 - 2010-01-22 12:20 - 3063029760 __ASH C:\hiberfil.sys
2012-04-04 17:08 - 2012-04-04 17:08 - 0000000 ____D C:\Users\fatty\AppData\Local\{9D5A2A97-EB3F-47BA-99F8-9B286618C4CC}
2012-04-04 17:07 - 2010-05-24 16:04 - 0000000 ____D C:\Users\fatty\Tracing
2012-04-04 16:54 - 2012-04-04 16:44 - 0002126 ____A C:\Users\fatty\Desktop\unhide.txt
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Malwarebytes
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-04 15:22 - 2012-04-04 15:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-04 15:21 - 2012-04-04 15:18 - 0142654 ____A C:\TDSSKiller.2.7.24.0_04.04.2012_19.18.05_log.txt
2012-04-04 15:20 - 2012-04-04 15:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-04 15:17 - 2012-04-04 15:17 - 0000361 ____A C:\rkill.log
2012-04-02 17:43 - 2012-04-04 15:16 - 0000091 ____A C:\Users\fatty\Desktop\Remove System Check (Uninstall Guide).url
2012-04-02 15:31 - 2012-04-02 15:31 - 0000000 ____D C:\Users\fatty\AppData\Local\{672DA243-7D71-443F-9A8D-E0C7D8C7D0E9}
2012-03-29 06:37 - 2012-03-29 06:37 - 0000000 ____D C:\Users\fatty\AppData\Local\{5C1A0A92-FBD8-430F-BE65-0B6AA581FAC1}
2012-03-29 06:12 - 2012-03-29 06:12 - 0000000 ____D C:\Users\fatty\AppData\Local\{C1471A13-C7B4-4FDD-AC22-6DA55D08E3E4}
2012-03-29 05:53 - 2012-03-29 05:53 - 0000000 ____D C:\Users\fatty\AppData\Local\{74EFAD48-BA1F-4D14-95E6-B1F96BFE5194}
2012-03-29 05:05 - 2012-03-29 05:05 - 0000000 ____D C:\ProgramData\!SASCORE
2012-03-29 04:02 - 2012-03-29 04:02 - 0000336 ____A C:\Users\All Users\QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000336 ____A C:\ProgramData\QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000264 ____A C:\Users\All Users\~QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000264 ____A C:\ProgramData\~QM6YB1CsgspHZF
2012-03-29 04:02 - 2012-03-29 04:02 - 0000168 ____A C:\Users\All Users\~QM6YB1CsgspHZFr
2012-03-29 04:02 - 2012-03-29 04:02 - 0000168 ____A C:\ProgramData\~QM6YB1CsgspHZFr
2012-03-29 03:50 - 2012-03-29 03:50 - 0000000 ____D C:\Windows\system64
2012-03-27 12:52 - 2012-02-14 07:16 - 0000000 ____D C:\Users\fatty\Documents\COOK
2012-03-27 11:16 - 2010-05-15 15:05 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Toshiba
2012-03-26 07:46 - 2012-03-26 07:46 - 0832691 ____A C:\Users\fatty\Downloads\IMAG1218.jpg
2012-03-25 07:46 - 2010-01-22 12:26 - 1781169 ____A C:\Windows\WindowsUpdate.log
2012-03-25 07:35 - 2010-05-16 19:42 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-25 07:00 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-25 07:00 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-25 06:53 - 2010-05-16 19:42 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-25 06:45 - 2010-09-13 19:24 - 0000266 ____A C:\Windows\Tasks\RMSchedule.job
2012-03-23 09:00 - 2010-05-16 19:41 - 0001668 ____A C:\Windows\Tasks\wrSpySweeper_LCCA1D00DE42242CE8C9E68C2DAC31244.job
2012-03-19 05:12 - 2012-03-19 05:12 - 0000000 ____D C:\Users\fatty\AppData\Local\{FC0EAF3D-9F77-4969-A3FE-56B2F38E5C87}
2012-03-18 17:24 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-18 17:24 - 2009-07-13 20:51 - 0051900 ____A C:\Windows\setupact.log
2012-03-18 17:24 - 2009-07-13 20:45 - 0475184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-18 16:55 - 2011-11-10 08:06 - 0000000 ____D C:\Users\fatty\AppData\Local\CrashDumps
2012-03-18 06:05 - 2011-06-10 15:11 - 0000000 ____D C:\Users\Public\Documents\Bait saver
2012-03-18 05:53 - 2010-08-14 15:19 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-15 06:49 - 2012-03-15 06:49 - 0016976 ____A C:\Users\fatty\Documents\Christian Resume JWB Investment advisor rendition.docx
2012-03-13 03:26 - 2012-03-13 03:26 - 0465900 ____A C:\Users\fatty\Downloads\IMAG1176.jpg
2012-03-13 03:26 - 2012-03-13 03:26 - 0464199 ____A C:\Users\fatty\Downloads\IMAG1174.jpg
2012-03-13 03:26 - 2012-03-13 03:26 - 0387638 ____A C:\Users\fatty\Downloads\IMAG1175.jpg
2012-03-12 07:42 - 2009-07-13 21:13 - 0730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-12 07:41 - 2011-06-08 08:44 - 0000000 ____D C:\Users\fatty\AppData\Local\Windows Live
2012-03-12 06:26 - 2012-03-12 06:25 - 0000000 ____D C:\Users\fatty\AppData\Local\{1A2D731F-CEB7-4EBB-B2A4-C962E3C43381}
2012-03-12 06:25 - 2012-03-12 06:25 - 0000000 ____D C:\Users\fatty\AppData\Local\{9074DFD9-D9B5-4E8C-891E-A8EEAADF6AA8}
2012-03-03 06:32 - 2012-03-03 06:32 - 0000000 ____D C:\Users\fatty\AppData\Local\{FABAAB58-155A-4606-A6ED-5A9A70F60AE0}
2012-03-03 06:31 - 2012-03-03 06:31 - 0000000 ____D C:\Users\fatty\AppData\Local\{9E717B40-69DA-4271-A965-1BF11A035C3C}
2012-03-03 04:46 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-02-23 07:19 - 2011-02-24 09:09 - 0000000 ___RD C:\Users\fatty\Documents\Scanned Documents
2012-02-23 07:13 - 2012-02-23 07:13 - 0000000 ____D C:\Users\fatty\AppData\Local\{84EB1AC4-D0C1-4931-84A0-7D759F64A82A}
2012-02-23 07:13 - 2012-02-23 07:12 - 0000000 ____D C:\Users\fatty\AppData\Local\{35673967-D010-432B-B07A-BFA94025DE31}
2012-02-22 14:55 - 2012-02-22 14:54 - 0000000 ____D C:\Users\fatty\AppData\Local\{29EEB480-ED72-41D0-96F5-82D0E25DAB01}
2012-02-22 14:54 - 2012-02-22 14:54 - 0000000 ____D C:\Users\fatty\AppData\Local\{9AC1C37A-AFDA-484C-9556-C82BE4AAB177}
2012-02-21 13:19 - 2012-02-21 13:19 - 0047400 ____A C:\Users\fatty\Desktop\Jenny Tax Return.pdf
2012-02-21 09:02 - 2012-02-21 09:02 - 0611424 ____A (OptimumInstaller) C:\Users\fatty\Downloads\DownloadManager_Setup.exe
2012-02-21 07:07 - 2012-02-21 07:07 - 1211521 ____A C:\Users\fatty\Downloads\IMAG0006.jpg
2012-02-21 07:07 - 2012-02-21 07:07 - 0532093 ____A C:\Users\fatty\Downloads\IMAG0977.jpg
2012-02-21 07:07 - 2012-02-21 07:07 - 0529243 ____A C:\Users\fatty\Downloads\IMAG0978.jpg
2012-02-21 07:06 - 2012-02-21 07:06 - 0203120 ____A C:\Users\fatty\Downloads\CHICKEN LIVER.jpg
2012-02-21 06:34 - 2012-02-21 06:34 - 0000000 ____D C:\Users\fatty\AppData\Local\{D9AFFF49-AB55-42DC-BB98-EE88A0136F34}
2012-02-21 06:34 - 2012-02-21 06:33 - 0000000 ____D C:\Users\fatty\AppData\Local\{B1117856-55AA-4450-8362-B7975BABC9E4}
2012-02-21 06:32 - 2010-05-15 14:49 - 0000174 ___SH C:\Users\fatty\Start Menu\Programs\Startup\desktop.ini
2012-02-21 06:32 - 2010-05-15 14:49 - 0000174 ___SH C:\Users\fatty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 22:38 - 2012-03-13 09:37 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 09:37 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 09:37 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 09:37 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-13 11:28 - 2012-01-20 07:27 - 0017393 ____A C:\Users\fatty\Documents\Airtime contacts.docx
2012-02-09 22:36 - 2012-03-13 13:05 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 13:05 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-06 13:37 - 2012-02-06 13:37 - 2708273 ____A C:\Users\fatty\Downloads\BS HOOK Cut 1.mp4
2012-02-06 06:42 - 2012-02-06 06:42 - 0002170 ____A C:\Users\fatty\Desktop\Easy Solve.lnk
2012-02-06 06:42 - 2012-02-06 06:42 - 0000000 ____D C:\Users\fatty\AppData\Roaming\Motive
2012-02-06 06:40 - 2010-12-20 09:39 - 0000000 ____D C:\Users\All Users\SupportSoft
2012-02-06 06:40 - 2010-12-20 09:39 - 0000000 ____D C:\ProgramData\SupportSoft
2012-02-06 06:40 - 2010-12-20 09:36 - 0000000 ____D C:\Users\fatty\AppData\Local\SupportSoft
2012-02-06 06:38 - 2012-02-06 06:38 - 0000000 ____D C:\Users\All Users\Motive
2012-02-06 06:38 - 2012-02-06 06:38 - 0000000 ____D C:\ProgramData\Motive
2012-02-04 06:35 - 2012-02-03 07:05 - 0000139 ____A C:\Windows\SysWOW64\Get.log
2012-02-02 20:34 - 2012-03-13 13:05 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 07:23 - 2012-02-02 07:23 - 0000000 ____D C:\Users\fatty\AppData\Local\{F2D5DAD3-9531-47C1-A3D1-FDD348901670}
2012-02-02 07:02 - 2009-12-11 22:34 - 0032179 ____A C:\Windows\DirectX.log
2012-02-02 06:55 - 2012-02-02 06:54 - 0000000 ____D C:\Users\fatty\AppData\Local\{F250CAFA-3B3C-4C02-B5CF-E8D91AB3A14F}
2012-02-02 06:54 - 2012-02-02 06:54 - 0000000 ____D C:\Users\fatty\AppData\Local\{6E9438A7-92BF-434D-84AE-DBA45B068679}
2012-02-02 05:02 - 2012-02-02 05:02 - 0000000 ____D C:\Users\fatty\AppData\Local\{E3290B2A-1D36-42F1-961F-6470FC856844}
2012-02-02 05:02 - 2012-02-02 05:01 - 0000000 ____D C:\Users\fatty\AppData\Local\{75ECEF9A-48D5-46A7-9713-8A8B9D83EC07}
2012-02-02 04:58 - 2009-12-11 22:43 - 0061182 ____A C:\Windows\PFRO.log
2012-02-01 19:21 - 2012-02-01 19:21 - 0000000 ____D C:\Users\fatty\Documents\ARADump
2012-02-01 16:15 - 2012-02-01 16:01 - 101838202 ____A C:\Users\fatty\Documents\How to video in AVI format.wmv
2012-01-31 19:21 - 2012-01-18 14:27 - 0016660 ____A C:\Users\fatty\Documents\Christian Resume 1-17-12.docx
2012-01-31 11:56 - 2012-01-16 17:00 - 0000000 ____D C:\Users\fatty\Documents\CyberLink
2012-01-31 11:56 - 2012-01-16 16:34 - 0001703 ____A C:\Users\fatty\Desktop\CyberLink PowerDirector 10.lnk
2012-01-31 08:33 - 2012-01-31 08:33 - 0000000 ____D C:\Users\fatty\AppData\Local\{71854698-14BA-45E8-B958-BDC91CA9D2A9}
2012-01-31 08:33 - 2012-01-31 08:33 - 0000000 ____D C:\Users\fatty\AppData\Local\{6C07DF3F-ECE3-49E4-A806-5BC497B784E6}
2012-01-29 09:29 - 2012-01-29 09:29 - 0944280 ____A C:\Users\fatty\Downloads\IMAG0630.jpg
2012-01-25 10:10 - 2011-06-07 14:36 - 0000000 ____D C:\Users\fatty\AppData\Roaming\HpUpdate
2012-01-24 22:38 - 2012-03-13 09:37 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 09:37 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 09:37 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 21:16 - 2012-01-23 21:16 - 0012179 ____A C:\Users\fatty\Documents\Scriptscenes.docx
2012-01-23 18:22 - 2012-01-17 07:18 - 0000000 ____D C:\My Works
2012-01-21 07:54 - 2012-01-21 07:54 - 0606552 ____A (Google Inc.) C:\Users\fatty\Downloads\GoogleEarthPluginSetup.exe
2012-01-18 07:12 - 2012-01-16 16:55 - 0000000 ____D C:\Users\All Users\SmartSound Software Inc
2012-01-18 07:12 - 2012-01-16 16:55 - 0000000 ____D C:\ProgramData\SmartSound Software Inc
2012-01-17 12:49 - 2012-01-17 12:49 - 0364825 ____A C:\Users\fatty\Downloads\fishing.dzp
2012-01-17 04:47 - 2012-01-17 04:46 - 0000000 ____D C:\Users\fatty\AppData\Local\{1439ADF9-3910-43F9-97E8-B1962CB5346B}
2012-01-17 04:46 - 2012-01-17 04:46 - 0000000 ____D C:\Users\fatty\AppData\Local\{E04A8A71-CABB-4EB4-833B-45206A330B59}
2012-01-16 16:57 - 2010-05-15 14:51 - 0131368 ____A C:\Users\fatty\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-16 16:56 - 2012-01-16 16:56 - 0002094 ____A C:\Users\fatty\Desktop\CyberLink WaveEditor.lnk
2012-01-16 16:56 - 2012-01-16 16:56 - 0002094 ____A C:\Users\Default\Desktop\CyberLink WaveEditor.lnk
2012-01-16 16:56 - 2012-01-16 16:56 - 0002094 ____A C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk
2012-01-16 16:56 - 2012-01-16 16:56 - 0002094 ____A C:\Users\Administrator\Desktop\CyberLink WaveEditor.lnk
2012-01-16 16:34 - 2012-01-16 16:34 - 0001141 ____A C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk
2012-01-16 16:30 - 2012-01-16 16:30 - 0000000 ____D C:\Users\All Users\CLSK
2012-01-16 16:30 - 2012-01-16 16:30 - 0000000 ____D C:\ProgramData\CLSK
2012-01-16 16:16 - 2012-01-16 16:16 - 1110476 ____A C:\Users\fatty\Downloads\7z920.exe
2012-01-16 08:24 - 2012-01-16 08:24 - 0000000 ____A C:\Users\fatty\CONVERT
2012-01-16 07:49 - 2012-01-16 07:40 - 0000000 ____D C:\Users\fatty\Downloads\Cyber link
2012-01-16 07:31 - 2012-01-16 07:15 - 0001123 ____A C:\Users\fatty\Downloads\Cyberlink_PowerDirector-10.00.1012_Ultra64-Full_retail-Multilang.6810082.TPB - Shortcut.lnk
2012-01-16 07:26 - 2012-01-16 07:23 - 1883746101 ____A C:\Users\fatty\Downloads\Cyberlink_PowerDirector-10.00.1012_Ultra64-Full_retail-Multilangual.zip
2012-01-16 07:01 - 2012-01-16 07:01 - 0000000 ____D C:\Users\fatty\AppData\Local\{98DD52EE-C34F-45E9-A7D8-29FC5509C202}
2012-01-15 10:50 - 2012-01-15 10:50 - 0019035 ____A C:\Users\fatty\Documents\Cyberlink_PowerDirector-10.00.1012_Ultra64-Full_retail-Multilang.6810082.TPB.torrent
2012-01-13 08:49 - 2012-01-13 08:49 - 0000000 ____D C:\Users\fatty\AppData\Local\{BF16B597-A130-4EEB-AB78-EED80441465C}
2012-01-13 08:49 - 2012-01-13 08:49 - 0000000 ____D C:\Users\fatty\AppData\Local\{733355D8-92D3-423D-940D-588272A3CF1C}
2012-01-10 10:34 - 2012-01-10 10:34 - 0000162 ____A C:\Users\Public\Documents\~$ristians_resume FINISHED.doc

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 3894.85 MB
Available physical RAM: 2875.61 MB
Total Pagefile: 3893 MB
Available Pagefile: 3112.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:349.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.47 GB) (Free:3.94 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         7657 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            453 GB  1501 MB
  Partition 3    Primary             10 GB   455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105322W0F  NTFS   Partition    453 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7655 MB    22 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable   7655 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 05:29

======================= End Of Log ==========================



#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 05 April 2012 - 07:47 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Now restart, let it boot normally and tell me how it went.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 09:37 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 glennordway

glennordway
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:18 PM

Posted 05 April 2012 - 08:01 PM

Thank you for the quick reply CatByte.

I have run the Fix as you provided and the computer rebooted to what looks like normal. I am attaching the log as requested and am going to run ComboFix as requested and will post that log as well.

Here is the Fix Log for now:


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-05 20:55:06 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] [x] Value not found.
C:\Users\All Users\QM6YB1CsgspHZF moved successfully.
C:\ProgramData\QM6YB1CsgspHZF not found.
C:\Users\All Users\~QM6YB1CsgspHZF moved successfully.
C:\ProgramData\~QM6YB1CsgspHZF not found.
C:\Users\All Users\~QM6YB1CsgspHZFr moved successfully.
C:\ProgramData\~QM6YB1CsgspHZFr not found.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The volume does not contain a recognized file system.

Please make sure that all required file system drivers are loaded and that the volume is not corrupted.


========= End of CMD: =========


==== End of Fixlog ====

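The first line of the Fixlog restores `HKLM\System\ControlSet001\Control\Session Manager\SubSystems\Windows`. That REG_EXPAND_SZ value is what the session manager hands to csrss.exe at boot; its `ServerDll=` entries name the DLLs csrss loads from system32, so a boot-critical DLL that has been swapped for malware, and then deleted by an AV scan, stops the session manager and the machine never reaches the desktop. The script below is an added example (not FRST's code and not from this thread) that parses the value and flags any ServerDll outside the stock set. The clean value is reproduced from a stock Windows 7 install and the tampered one is constructed to show the substitution pattern ZeroAccess/Sirefef used; both the allowlist and the samples are assumptions to confirm against a known-clean machine of the same build.

```python
"""Audit the csrss subsystem definition that an FRST fix can restore
(HKLM\SYSTEM\...\Session Manager\SubSystems\Windows). Added example."""
import re

# ServerDll names csrss loads on a stock Windows 7 install (assumption: taken
# from a clean install; confirm against a known-clean machine of the same build).
KNOWN_SERVERDLLS = {"basesrv", "winsrv", "sxssrv"}
EXPECTED_IMAGE = r"%systemroot%\system32\csrss.exe"

# Constructed sample of a clean Windows 7 value.
CLEAN_WIN7 = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
              r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
              r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
              r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
              r"ProfileControl=Off MaxRequestThreads=16")
# Constructed tampered sample: the console ServerDll swapped for an unknown name,
# the pattern ZeroAccess/Sirefef used so that csrss loaded its DLL at every boot.
TAMPERED = CLEAN_WIN7.replace("ServerDll=winsrv:ConServerDllInitialization,2",
                              "ServerDll=consrv:ConServerDllInitialization,2")

SERVERDLL_RE = re.compile(r"^ServerDll=(?P<dll>[^:,]+)(?::(?P<entry>[^,]+))?,(?P<idx>\d+)$")


def parse_subsystem_value(value):
    """Split the value into (image, [(dll, entry point, index)], {option: value})."""
    tokens = value.split()
    server_dlls, options = [], {}
    for tok in tokens[1:]:
        m = SERVERDLL_RE.match(tok)
        if m:
            dll = m["dll"].lower()
            if dll.endswith(".dll"):
                dll = dll[:-4]
            server_dlls.append((dll, m["entry"], int(m["idx"])))
        else:
            key, _, val = tok.partition("=")
            options[key] = val
    return tokens[0], server_dlls, options


def audit_subsystem_value(value):
    """Return a list of findings; an empty list means the value looks stock."""
    image, dlls, options = parse_subsystem_value(value)
    findings = []
    if image.lower() != EXPECTED_IMAGE:
        findings.append(f"subsystem image is {image}, expected csrss.exe in system32")
    for dll, entry, idx in dlls:
        if "\\" in dll or "/" in dll:
            findings.append(f"ServerDll given as a path, not a system32 name: {dll}")
        elif dll not in KNOWN_SERVERDLLS:
            findings.append(f"unknown ServerDll '{dll}' (entry {entry}, index {idx})")
    if not dlls:
        findings.append("no ServerDll entries at all; csrss cannot start")
    return findings


def read_live_value():
    """Read the value from the running system (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems") as k:
        return winreg.QueryValueEx(k, "Windows")[0]


if __name__ == "__main__":
    for label, val in (("clean", CLEAN_WIN7), ("tampered", TAMPERED)):
        print(label, audit_subsystem_value(val) or "OK")
```

Run `audit_subsystem_value(read_live_value())` on a Windows box to check the running control set; to check an offline installation the way FRST does from the recovery prompt, load the hive (`reg load HKLM\Off C:\Windows\System32\config\SYSTEM`) and read `ControlSet001` from it instead. A name that is not in the allowlist is not proof of infection on its own, but any DLL named there that does not exist in system32 will stop the boot, which is the failure this thread started with.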
#4 glennordway

glennordway
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:18 PM

Posted 05 April 2012 - 09:39 PM

Ok, ComboFix has been run as requested. Here is the log for this as well. Let me know the next step and, again, thank you for your assistance.

Glenn



ComboFix 12-04-05.09 - fatty 04/05/2012 21:55:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2287 [GMT -4:00]
Running from: c:\users\fatty\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\fatty\g2mdlhlpx.exe
c:\windows\bk23567.dat
c:\windows\fdgg34353edfgdfdf
c:\windows\lgo
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ppdrv
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 04:11 . 2012-04-06 04:12 -------- d-----w- C:\FRST
2012-04-06 02:08 . 2012-04-06 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 01:25 . 2012-04-05 07:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-04 23:22 . 2012-04-04 23:22 -------- d-----w- c:\users\fatty\AppData\Roaming\Malwarebytes
2012-04-04 23:22 . 2012-04-05 07:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 23:20 . 2012-04-04 23:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----we c:\windows\system64
2012-03-23 03:12 . 2012-03-23 03:12 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 03:12 . 2012-03-23 03:12 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 13:57 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 13:57 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 13:57 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:05 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:05 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:05 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:37 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:37 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:37 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:37 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-02 15:03 . 2012-02-02 15:03 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ERROR(0x00000005)
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
2012-02-15 17:47 48488 ----a-w- c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]
2010-07-30 17:33 87512 ----a-w- c:\program files (x86)\xfinitytb\xfinitydx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]
2010-07-30 17:34 259584 ----a-w- c:\program files (x86)\xfinitytb\auxi\xfinityAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files (x86)\xfinitytb\xfinitydx.dll" [2010-07-30 87512]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [2012-02-15 48488]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"BIBLauncher"="c:\program files (x86)\Business-in-a-Box\BIBLauncher.exe" [2011-02-21 858080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-18 5486464]
"DownloadManager"="c:\program files (x86)\Download Manager\DownloadManager.exe" [2012-02-21 612352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-22 273544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-4-29 1136568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [2009-08-30 641584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [2009-08-30 467504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-01-18 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-01-18 441344]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:42]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:42]
.
2012-03-25 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-09-14 12:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 2727936]
"combofix"="c:\combofix\CF24694.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://cw17pier.axiscam.net:8080/activex/AMC.cab
FF - ProfilePath - c:\users\fatty\AppData\Roaming\Mozilla\Firefox\Profiles\otqk4xxw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ComcastHSI - c:\program files (x86)\support.com\uninstall\chsi_uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-05 22:34:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 02:34
.
Pre-Run: 377,848,311,808 bytes free
Post-Run: 377,471,201,280 bytes free
.
- - End Of File - - 62E3F4BD165916F66860058123FDB403

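A responder reads several things straight off a ComboFix log like the one above: the header lists two real-time AV engines both enabled, the `policies\system` section shows `EnableLUA`= 0 and `ConsentPromptBehaviorAdmin`= 0 (UAC off, so every process of this admin account already runs elevated), and the second `ImagePath` line under `services\NIS` is printed with embedded `\00` bytes where a service path should be. The script below is an added example (not ComboFix's code and not from this thread) that runs those checks over lines excerpted from this log; the sample is limited to the lines the checks need, and the thresholds are my own.

```python
"""Triage a ComboFix log for the conditions a responder reads off its header
and registry sections. Added example, run over lines excerpted from the log."""
import re

# Lines excerpted from the ComboFix log in this thread; the second ImagePath
# under services\NIS is the one the log prints with embedded \00 bytes.
SAMPLE = r'''
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\""
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z"
'''.strip().splitlines()

PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\* \{")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_security_products(lines):
    """(kind, product name, real-time protection enabled) per header line."""
    out = []
    for line in lines:
        m = PRODUCT_RE.match(line)
        if m:
            out.append((m["kind"], m["name"], m["state"].startswith("Enabled")))
    return out


def audit_combofix(lines):
    findings = []
    enabled_av = [n for k, n, on in parse_security_products(lines) if k == "AV" and on]
    if len(enabled_av) > 1:
        findings.append("multiple real-time AV engines enabled: " + "; ".join(enabled_av))
    key = ""
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, data = vm["name"], vm["data"]
        if key.endswith(r"policies\system") and data.split() and data.split()[0].isdigit():
            n = int(data.split()[0])
            if name == "EnableLUA" and n == 0:
                findings.append("UAC disabled (EnableLUA=0): an admin account's processes run fully elevated")
            if name == "ConsentPromptBehaviorAdmin" and n == 0:
                findings.append("ConsentPromptBehaviorAdmin=0: elevation without any prompt")
        if name == "ImagePath" and (r"\00" in data or not data.isprintable()):
            service = key.rsplit("\\", 1)[-1]
            findings.append(f"service {service}: ImagePath carries binary data: {data[:48]}...")
    return findings


if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1], encoding="utf-8", errors="replace").read().splitlines() \
        if len(sys.argv) > 1 else SAMPLE
    for f in audit_combofix(lines):
        print("-", f)
```

Point it at a saved ComboFix.txt to run the same checks on a full log. The ImagePath check is deliberately blunt (a service path is plain text, so anything non-printable in it is wrong); it does not try to say what wrote the bytes, only that the service entry needs to be compared against the product's installer before it is trusted to start again.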
#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 05 April 2012 - 10:00 PM

Hi,

The logs show that you have two antivirus products installed:

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}

Having more than one antivirus can cause conflicts, system slowdowns and crashes, so one of them should be uninstalled.

NEXT

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 glennordway

glennordway
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:18 PM

Posted 07 April 2012 - 05:20 PM

Here are the logs as requested. So far things seem to be running fine now. If there are any other steps you would advise me to take, let me know.

Thank you again for your assistance.




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7600.16385
fatty :: FATTY-PC [administrator]

4/6/2012 9:25:28 PM
mbam-log-2012-04-06 (21-25-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 411326
Time elapsed: 1 hour(s), 3 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\fatty\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

----------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=def898ffc0308f48b71f72dbcfad822f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-07 04:12:34
# local_time=2012-04-07 12:12:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 85 0 82526037 0 0
# compatibility_mode=5893 16776574 100 94 0 85310063 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=214810
# found=0
# cleaned=0
# scan_time=5341
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=def898ffc0308f48b71f72dbcfad822f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-07 04:34:36
# local_time=2012-04-07 12:34:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 85 0 82532664 0 0
# compatibility_mode=5893 16776574 100 94 0 85316690 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=167
# found=0
# cleaned=0
# scan_time=35
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=def898ffc0308f48b71f72dbcfad822f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-07 06:01:50
# local_time=2012-04-07 02:01:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 85 0 82532753 0 0
# compatibility_mode=5893 16776574 100 94 0 85316779 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=214931
# found=0
# cleaned=0
# scan_time=5180

#7 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 07 April 2012 - 05:30 PM

Hi,

Please run the following diagnostic log so I can make certain there is no remaining malware:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.



#8 glennordway
  • Topic Starter
  • Members
  • 7 posts

Posted 07 April 2012 - 05:46 PM

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2010 6:47:32 PM
System Uptime: 4/7/2012 6:39:19 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 1727/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 358.91 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP158: 4/6/2012 - Scheduled Checkpoint
RP159: 4/6/2012 9:09:37 PM - Removed Ask.com Toolbar.
RP160: 4/7/2012 6:22:25 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Torrent
4500_G510af_Help
4500G510af
4500G510af_Software_Min
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
AXIS Media Control Embedded
Best Buy Software Installer
BufferChm
Business-in-a-Box
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
CyberLink PowerDirector 10
CyberLink WaveEditor
CyberPower PowerPanel Personal Edition 1.3.2
D3DX10
Download Manager
Easy Solve
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8953
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.0.0.799
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
HTC Driver Installer
HTC Sync
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 14
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RealUpgrade 1.1
Registry Mechanic 10.0
RICOH R5U230 Media Driver ver.2.06.03.02
Roxio Burn
Roxio Express Labeler 3
Roxio Media Manager
Roxio Roxio Burn
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartFTP Client Setup Files 4.0 (x64) (remove only)
SmartSound Quicktracks 5
Sprint Mobile Broadband (Sierra)
Toolbox
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/7/2012 6:40:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/7/2012 6:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/7/2012 6:25:45 PM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2012 9:23:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/6/2012 9:09:09 PM, Error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2012 10:31:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
4/5/2012 9:10:15 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2012 9:10:14 PM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
4/5/2012 8:56:51 PM, Error: Service Control Manager [7000] - The ppdrv service failed to start due to the following error: The system cannot find the file specified.
4/5/2012 11:33:20 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/5/2012 10:11:44 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
4/5/2012 10:09:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/5/2012 10:04:27 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/4/2012 9:47:05 PM, Error: ssidrv [4104] -
4/4/2012 9:27:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
4/4/2012 9:27:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/4/2012 9:18:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/4/2012 9:18:50 PM, Error: Service Control Manager [7023] - The Grmnusb service terminated with the following error: The system cannot find the file specified.
4/4/2012 9:18:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/4/2012 9:18:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/4/2012 9:16:07 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2012 9:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/4/2012 9:14:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/4/2012 9:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2012 9:14:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
4/4/2012 9:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/4/2012 9:13:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:52:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:51:20 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/2/2012 7:51:20 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/2/2012 7:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/2/2012 7:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/2/2012 7:50:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2012 7:50:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2012 7:49:53 PM, Error: HECIx64 [3] - Intel® Management Engine Interface driver has failed to perform handshake with the Firmware.
.
==== End Of File ===========================


DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by fatty at 18:42:10 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2639 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Download Manager: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://cw17pier.axiscam.net:8080/activex/AMC.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B23DE1D5-3ED0-48F5-B259-C5D09E54F25C} : DhcpNameServer = 68.87.64.230 68.87.66.234
TCP: Interfaces\{DF6D3340-3138-4039-9DDF-BA649B1E2368} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DF6D3340-3138-4039-9DDF-BA649B1E2368}\5465F402938324237383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF6D3340-3138-4039-9DDF-BA649B1E2368}\65562796A7F6E602143433030203831444 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Download Manager: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fatty\AppData\Roaming\Mozilla\Firefox\Profiles\otqk4xxw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\fatty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-22 13336]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-2-6 361472]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-2-6 441344]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-9-13 583640]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-1-16 386344]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-22 2314240]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-1-22 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-04-07 22:39:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B872A107-63A2-4141-B5AF-F068CB96E918}\offreg.dll
2012-04-07 22:23:11 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01275D47-AACE-47D9-9D21-7B2CF0BAA227}\gapaengine.dll
2012-04-07 22:23:06 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B872A107-63A2-4141-B5AF-F068CB96E918}\mpengine.dll
2012-04-07 22:21:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-07 02:41:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-07 01:24:36 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-07 01:18:41 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-06 04:11:09 -------- d-----w- C:\FRST
2012-04-06 01:53:51 98816 ----a-w- C:\windows\sed.exe
2012-04-06 01:53:51 518144 ----a-w- C:\windows\SWREG.exe
2012-04-06 01:53:51 256000 ----a-w- C:\windows\PEV.exe
2012-04-06 01:53:51 208896 ----a-w- C:\windows\MBR.exe
2012-04-06 00:59:23 -------- d-----w- C:\Users\fatty\AppData\Local\{25CF1B7C-EDA5-4AEE-9DA7-826D45767400}
2012-04-05 01:25:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-05 01:08:22 -------- d-----w- C:\Users\fatty\AppData\Local\{9D5A2A97-EB3F-47BA-99F8-9B286618C4CC}
2012-04-04 23:22:38 -------- d-----w- C:\Users\fatty\AppData\Roaming\Malwarebytes
2012-04-04 23:22:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-04 23:22:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 23:20:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 23:31:48 -------- d-----w- C:\Users\fatty\AppData\Local\{672DA243-7D71-443F-9A8D-E0C7D8C7D0E9}
2012-03-29 14:37:34 -------- d-----w- C:\Users\fatty\AppData\Local\{5C1A0A92-FBD8-430F-BE65-0B6AA581FAC1}
2012-03-29 14:12:49 -------- d-----w- C:\Users\fatty\AppData\Local\{C1471A13-C7B4-4FDD-AC22-6DA55D08E3E4}
2012-03-29 13:53:33 -------- d-----w- C:\Users\fatty\AppData\Local\{74EFAD48-BA1F-4D14-95E6-B1F96BFE5194}
2012-03-29 11:50:36 -------- d-----we C:\windows\system64
2012-03-23 03:12:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 03:12:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 13:12:26 -------- d-----w- C:\Users\fatty\AppData\Local\{FC0EAF3D-9F77-4969-A3FE-56B2F38E5C87}
2012-03-18 13:57:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-18 13:57:14 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 13:57:13 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:05:56 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-13 21:05:53 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-13 21:05:52 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-13 17:37:54 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-13 17:37:53 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-13 17:37:52 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-13 17:37:52 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-13 17:37:49 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-13 17:37:49 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-13 17:37:48 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-12 14:25:58 -------- d-----w- C:\Users\fatty\AppData\Local\{1A2D731F-CEB7-4EBB-B2A4-C962E3C43381}
2012-03-12 14:25:32 -------- d-----w- C:\Users\fatty\AppData\Local\{9074DFD9-D9B5-4E8C-891E-A8EEAADF6AA8}
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 18:43:56.07 ===============
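The SERVICES / DRIVERS and Created Last 30 sections of the DDS log above follow a fixed line format; the parser below, an added example that is not part of this thread or of the DDS tool, turns a few of those lines into records and builds a reviewer's shortlist. The shortlist rules are this example's own assumptions, not DDS rules.

```python
"""Parse the SERVICES / DRIVERS and Created Last 30 sections of a DDS log
into records and build a reviewer's shortlist.  Added example, not part of
the thread or of the DDS tool; the shortlist rules are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-2-6 361472]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
.
=============== Created Last 30 ================
.
2012-04-07 01:18:41 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-06 01:53:51 208896 ----a-w- C:\windows\MBR.exe
2012-03-29 11:50:36 -------- d-----we C:\windows\system64
2012-03-18 13:57:15 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
.
"""
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?)(?: --> .+?)? \[(.*)\]$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) ([a-z-]{8}) (.+)$")

@dataclass
class Service:
    running: bool          # R = running, S = stopped
    start: int             # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    path: str
    file_info_known: bool  # False when DDS printed "[?]" instead of date/size

@dataclass
class Created:
    when: str
    size: str              # "--------" for directories
    attrs: str             # DDS attribute string, e.g. d-sh--w- (s=system, h=hidden)
    path: str

def parse_dds(text):
    services, created = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, desc, path, info = m.groups()
            services.append(Service(state == "R", int(start), name, desc,
                                    path, info != "?"))
        elif (m := CREATED_RE.match(line)):
            created.append(Created(*m.groups()))
    return services, created

def shortlist(services, created):
    """Example heuristics, not DDS rules: running services DDS could not stat
    (on x64 often just WOW64 redirection of system32, so verify, don't conclude)
    and new items dropped directly under the Windows directory."""
    unknown = [s.name for s in services if s.running and not s.file_info_known]
    win_root = [c.path for c in created
                if re.match(r"^c:\\windows\\[^\\]+$", c.path, re.I)]
    return {"unverified_running": unknown, "new_in_windows_root": win_root}
```

Run `shortlist(*parse_dds(SAMPLE_LOG))` to get the two lists; feed it the full posted log to shortlist everything it contains.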

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 07 April 2012 - 06:14 PM

Hi,

Both AVs are still showing as installed. If you uninstalled Norton, you may need to use the Norton Removal Tool to remove all traces of it:

Norton has a tool that will remove all of its products from failed uninstalls or installs
  • Download the appropriate Norton Removal Tool from HERE and save it to your desktop.
  • Next, double-click on Norton_Removal_Tool.exe to run the tool.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please advise how that goes and how the computer is running and if there are any outstanding issues.
If all is well, then we can clean up our tools.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 glennordway

glennordway
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:18 PM

Posted 08 April 2012 - 02:29 PM

I finally was able to get Norton completely removed from the computer and have both Adobe and Java updated. So far everything seems to be working normally.

I still need to go through their computer and make sure everything is updated and current and that any programs that they do not need or use are removed. Any other suggestions?

Thanks again for all your help.

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 08 April 2012 - 02:50 PM

Hi

Just some housekeeping to do now.

Please do the following:


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished, it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 glennordway

glennordway
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:18 PM

Posted 08 April 2012 - 08:43 PM

Housekeeping complete. All seems good to go. Thank you again CatByte.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 08 April 2012 - 08:45 PM

You are welcome.

Stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:18 PM

Posted 08 April 2012 - 08:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




