Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

problem with trojans


  • This topic is locked This topic is locked
51 replies to this topic

#1 ryanjpr89

ryanjpr89

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 30 May 2012 - 06:56 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Ryan at 18:57:04 on 2012-05-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
uRun: [AdobeBridge]
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\ryan\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4}\4457374796E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4}\C656F6E6075726C69636 : DhcpNameServer = 198.180.240.3 204.194.36.14
TCP: Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\4223mwf2.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\battlelog web plugins\1.110.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\ryan\appdata\local\facebook\messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\ryan\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\ryan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-29 01:38:53 -------- d-----w- c:\users\ryan\appdata\roaming\ooVoo Details
2012-05-29 01:38:30 -------- d-----w- c:\program files\Ask.com
2012-05-29 01:37:54 -------- d-----w- c:\program files\ooVoo
2012-05-24 02:42:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-11 09:26:48 -------- d-----w- c:\users\ryan\appdata\roaming\IMVU
2012-05-04 00:28:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 00:28:17 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-04 00:28:17 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-01 06:20:00 -------- d-----w- c:\program files\Lavalys
2012-05-01 05:50:52 -------- d-----w- c:\program files\SpeedFan
2012-05-01 05:30:27 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 05:18:55 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
==================== Find3M ====================
.
2012-05-13 19:57:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 19:57:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 05:30:12 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:58:50.08 ===============



http://www.bleepingcomputer.com/forums/topic455358.html

I've removed some using malwarebytes anti malware.

I'm having various problems such as desktop icons not saving the position I arrange them in, after I restart they revert back.

Windows firewall will not work aswell. I was able to follow each step and attached/pasted the requested logs.

Attached Files


Edited by ryanjpr89, 30 May 2012 - 06:58 PM.


BC AdBot (Login to Remove)

 


#2 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 01 June 2012 - 04:52 PM

I still need help urgently, I don't want my passwords or bank account compromised. I have a lot of personal information on this computer and don't have anyway of backing it up. below are the two attached files to make the process easier for anyone who could assist me.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
AC3Filter 1.63b
ACDSee 14
ACDSee Photo Manager 12
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.2
Adobe Shockwave Player 11.6
Advanced AI Mod
AhaView
AIM 7
Antares Autotune Evo VST RTAS v6.0.9
Apple Application Support
Apple Software Update
ASIO4ALL
Ask Toolbar
ATI Catalyst Install Manager
Battlelog Web Plugins
BigPOP
CameraHelperMsi
Canon MP250 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer Renegade
Compatibility Pack for the 2007 Office system
ContrastMaster 1.06 (Standalone/Lightroom)
ConvertHelper 2.2
DivX Setup
Download Updater (AOL LLC)
erLT
ESN Sonar
Evaer Video Recorder for Skype 1.2.3.15
EVEREST Home Edition v2.20
Facebook Messenger 2.1.4520.0
FL Studio 9
Game Booster 3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
grepWin
Half-Life® 2
Hardcore
IDroo 1.0.0.154
IL Download Manager
Image'in Winamp by WinampFR
InFlac 1.1.1
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 32
K-Lite Codec Pack 7.7.0 (Full)
Label@Once 1.0
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Classic - Home Cinema v1.5.3.3470
Medieval CUE Splitter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MyToshiba
NetZero Launcher
NNScript
ooVoo
ooVoo toolbar, powered by Ask.com Updater
Origin
Pandora Service
PDF Settings CS5
PFPortChecker 1.0.39
Photomatix Pro version 4.1.4
PlayReady PC Runtime x86
PoiZone
Quickbooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RegEditX
RMVB Converter 1.8
RMVB Player 1.0.1
Rosetta Stone Version 3
RuneScape Launcher 1.2
Sakura
Sawer
SetupChecker
Skype™ 5.8
SoulSeek 157 NS 13e
Sound Forge Pro 10.0
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Steam
swMSM
Synaptics Pointing Device Driver
TeamViewer 6
TeamViewer 7
TibEd 2
Toshiba Application and Driver Installer
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Toxic Biohazard
Unity Web Player
URL Snooper v2.29.01
Utility Common Driver
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
VobSub v2.08 (Remove Only)
Westwood Shared Internet Components
WildTangent Games
Winamp
Winamp Detector Plug-in
Window Washer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
XCC Utilities 1.46
Xvid MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-30 19:55:06
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2576GSX rev.GS001A
Running: vo7s2vtu.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\kxldrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4A539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\lamchvam.sys The system cannot find the path specified. !
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88754000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88799000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E81A000, 0x2D5526, 0xE8000020]
? C:\Users\Ryan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2112] ntdll.dll!LdrLoadDll 7715F5B5 5 Bytes JMP 6CFBC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2112] kernel32.dll!MapViewOfFile 76F9C05C 5 Bytes JMP 6D1EE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2112] kernel32.dll!VirtualAlloc 76FA0594 5 Bytes JMP 6D1EE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2112] GDI32.dll!CreateDIBSection 772785F0 5 Bytes JMP 6D1EE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3192] USER32.dll!SetWindowLongA 7703B1E3 5 Bytes JMP 6D345EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3192] USER32.dll!SetWindowLongW 77046614 5 Bytes JMP 6D345E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3192] USER32.dll!GetWindowInfo 77046A82 5 Bytes JMP 6D134822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3192] USER32.dll!TrackPopupMenu 77064B3B 5 Bytes JMP 6D134DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Ryan\AppData\Local\Mozilla\Firefox\Profiles\4223mwf2.default\jumpListCache\Sgfnc2VvfoZTB5fLvCLb5Q==.ico 794 bytes
File C:\Users\Ryan\AppData\Local\Temp\Cookies\BRHPJJRB.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by ryanjpr89, 01 June 2012 - 05:30 PM.


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 03 June 2012 - 12:42 PM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Please also include a detailed description of the 'problem with trojans' you are having. Are you getting virus detections? Something else? If a virus detection, what virus is it finding?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#4 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 June 2012 - 06:05 PM

when I scan I don't pickup anymore viruses but I still can't run windows firewall, and my desktop icons won't save the positions after I restart my computer, they all seem to revert. Another problem is when I try to click the sharing tab on my wireless connection it says "Windows cannot display the Properties of this connection. The Windows Management Instrumentation (WMI) information might be corrupted.

To correct this, use System Restore to restore Windows to an earlier time (called a restore point). System Restore is located in the System Tools folder in Accessories." I don't wanna do system restore due to it might causing a virus to reappear and i'm pretty sure the viruses I had deleted all my restore points, so I need to fix the WMI.




Here are the logs you requested

OTL logfile created on: 6/3/2012 5:05:33 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ryan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 72.50% Memory free
3.50 Gb Paging File | 2.88 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 67.25 Gb Free Space | 30.11% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 17:04:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/03 20:28:17 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 20:28:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/19 00:54:46 | 001,867,480 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/01/09 05:30:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/09 19:28:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/17 15:42:47 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/17 13:05:14 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2011/06/17 13:05:14 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/17 15:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/28 00:17:26 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/28 00:17:23 | 000,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/30 02:54:10 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/13 21:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2012/05/01 01:21:15 | 000,028,488 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/29 03:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 20:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 15:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 17:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/05 03:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {3C14A3AB-030D-4E43-B6D3-294436FCFB3C}
IE - HKLM\..\SearchScopes\{3C14A3AB-030D-4E43-B6D3-294436FCFB3C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\SearchScopes,DefaultScope = {4CD2368C-6D80-4D10-8E6A-46595DE6D52C}
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\SearchScopes\{4CD2368C-6D80-4D10-8E6A-46595DE6D52C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS436
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ryan\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 09:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 20:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 14:31:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000EE7C757C72B2D65BD15E3B4A8419F7D87

[2011/07/22 00:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/05/30 20:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions
[2012/05/30 20:35:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/30 04:15:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/06 20:43:22 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/08/09 22:33:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\backup{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/14 14:07:27 | 000,000,000 | ---D | M] ("Advanced Cookie Manager") -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\cookiemgr@jayapal.com
[2012/05/28 21:38:40 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\toolbar@ask.com
[2011/09/07 16:41:47 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\TooManyTabs@visibotech.com
[2011/08/08 05:00:31 | 000,000,914 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\searchplugins\dictionarycom.xml
[2012/05/03 20:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/31 07:10:19 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2011/07/28 04:48:14 | 000,003,406 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{A66191D8-898B-4A66-89BE-D5B279477A54}.XPI
[2012/01/05 17:17:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/16 21:13:30 | 000,014,108 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
[2011/07/28 04:41:39 | 000,004,416 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\OICTAB@TELEKAWARU.COM.XPI
[2011/07/28 04:41:39 | 000,008,863 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\OPENMULTIPLELOCATIONS@JORDANMATUSZEK.COM.XPI
[2011/07/28 04:41:39 | 000,012,095 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\URLLISTER@BINNYVA.COM.XPI
[2012/05/03 20:28:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/03 20:28:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 20:28:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Ryan\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/07/14 13:04:06 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: ACSW14EN - hkey= - key= - C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: avichannel - hkey= - key= - C:\Program Files\Evaer\videochannel.exe (Evaer)
MsConfig - StartUpReg: BID Drop Box - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig - StartUpReg: KeNotify - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MyTOSHIBA - hkey= - key= - C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
MsConfig - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Window Washer - hkey= - key= - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 17:04:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/05/30 18:56:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2012/05/28 21:38:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2012/05/28 21:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/28 21:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2012/05/28 21:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2012/05/28 21:36:28 | 001,633,360 | ---- | C] (ooVoo LLC) -- C:\Users\Ryan\Desktop\ooVooSetup.exe
[2012/05/23 22:42:17 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/05/22 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\The.Thin.Red.Line.1998.720p.BluRay.x264-x0r
[2012/05/21 19:12:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\John.Travolta.MOViE.PACK.DVDRip.XviD-IPT
[2012/05/20 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\The.Grey.2011.BRRip.XviD-3LT0N
[2012/05/18 13:42:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Journey.2.The.Mysterious.Island.2012.BRRip.Xvid.Ac3.ANALOG
[2012/05/17 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/11 05:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\IMVU
[2012/05/09 12:51:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Get The Gringo (2012) HDTV-SER
[2012/05/08 17:06:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\21 Jump Street 2012 R5 NEW LiNE XViD - INSPiRAL
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 17:04:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/06/03 16:52:03 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\random.dat
[2012/06/03 16:38:54 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/06/03 16:31:15 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 16:31:15 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 16:25:15 | 000,000,043 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/06/03 16:23:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/03 16:22:55 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/03 03:16:13 | 000,000,044 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/06/02 23:17:22 | 000,007,638 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2012/06/02 23:09:47 | 000,354,100 | ---- | M] () -- C:\Users\Ryan\Desktop\IMG_02062012_230807.png
[2012/06/01 07:47:34 | 004,207,814 | ---- | M] () -- C:\Users\Ryan\Desktop\10 - Outrageous Cherry - lord have mercy on me.mp3
[2012/05/31 23:46:10 | 007,585,792 | ---- | M] () -- C:\Users\Ryan\Desktop\05 _ i am dreaming.mp3
[2012/05/30 23:29:16 | 012,751,076 | ---- | M] () -- C:\Users\Ryan\Desktop\bonobo - the plug.mp3
[2012/05/30 23:28:50 | 008,981,336 | ---- | M] () -- C:\Users\Ryan\Desktop\03-bonobo_-_the_plug_quantic_mix-ds.mp3
[2012/05/30 19:00:55 | 000,302,592 | ---- | M] () -- C:\Users\Ryan\Desktop\vo7s2vtu.exe
[2012/05/30 18:56:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2012/05/30 18:56:14 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[2012/05/30 18:55:42 | 000,050,477 | ---- | M] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2012/05/28 21:37:57 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/05/28 21:36:41 | 001,633,360 | ---- | M] (ooVoo LLC) -- C:\Users\Ryan\Desktop\ooVooSetup.exe
[2012/05/27 04:25:50 | 000,448,622 | ---- | M] () -- C:\Users\Ryan\Desktop\IMG_27052012_042447.png
[2012/05/26 22:06:25 | 002,831,762 | ---- | M] () -- C:\Users\Ryan\Desktop\20120526_152615.jpg
[2012/05/24 23:11:09 | 000,662,328 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/24 23:11:09 | 000,121,984 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/24 20:18:36 | 000,001,243 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts2
[2012/05/24 19:54:24 | 000,142,848 | ---- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 22:38:11 | 000,000,435 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/02 23:09:24 | 000,354,100 | ---- | C] () -- C:\Users\Ryan\Desktop\IMG_02062012_230807.png
[2012/06/01 07:46:35 | 004,207,814 | ---- | C] () -- C:\Users\Ryan\Desktop\10 - Outrageous Cherry - lord have mercy on me.mp3
[2012/05/31 23:44:41 | 007,585,792 | ---- | C] () -- C:\Users\Ryan\Desktop\05 _ i am dreaming.mp3
[2012/05/30 23:28:54 | 012,751,076 | ---- | C] () -- C:\Users\Ryan\Desktop\bonobo - the plug.mp3
[2012/05/30 23:28:31 | 008,981,336 | ---- | C] () -- C:\Users\Ryan\Desktop\03-bonobo_-_the_plug_quantic_mix-ds.mp3
[2012/05/30 19:00:55 | 000,302,592 | ---- | C] () -- C:\Users\Ryan\Desktop\vo7s2vtu.exe
[2012/05/30 18:56:14 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2012/05/30 18:55:39 | 000,050,477 | ---- | C] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2012/05/28 21:37:57 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/05/27 04:25:08 | 000,448,622 | ---- | C] () -- C:\Users\Ryan\Desktop\IMG_27052012_042447.png
[2012/05/26 22:01:02 | 002,831,762 | ---- | C] () -- C:\Users\Ryan\Desktop\20120526_152615.jpg
[2012/05/20 14:31:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/01 01:18:55 | 000,028,488 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2011/11/28 14:16:40 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{669124CD-0DE4-43A2-8349-F47546F0E35E}
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011/10/20 23:20:38 | 000,000,084 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2011/09/09 05:51:43 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
[2011/09/05 10:05:56 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/09/05 10:05:55 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/09/05 10:05:55 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/09/05 10:05:55 | 000,074,752 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/08/23 00:03:12 | 000,000,035 | ---- | C] () -- C:\windows\worldbuilder.INI
[2011/08/19 21:27:11 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/08/16 09:32:51 | 000,000,980 | ---- | C] () -- C:\windows\eReg.dat
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2011/08/09 18:18:57 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/07/31 06:31:44 | 000,001,456 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/07/31 06:29:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/07/31 00:37:13 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{A44AE0F3-7BCB-4DC2-96DC-FBFC0510D98B}
[2011/07/28 15:30:17 | 000,000,046 | ---- | C] () -- C:\windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2011/07/20 04:18:51 | 002,392,064 | ---- | C] () -- C:\windows\System32\videotrans.dll
[2011/07/20 04:18:51 | 000,215,040 | ---- | C] () -- C:\windows\System32\videoformat.dll
[2011/07/20 04:18:51 | 000,061,440 | ---- | C] () -- C:\windows\System32\imgscaler.dll
[2011/07/20 04:18:51 | 000,022,016 | ---- | C] () -- C:\windows\System32\img_utils.dll
[2011/07/20 04:18:51 | 000,017,920 | ---- | C] () -- C:\windows\System32\videocore.dll
[2011/07/07 01:25:10 | 003,835,624 | ---- | C] () -- C:\windows\System32\SpoonUninstall.exe
[2011/07/04 18:26:05 | 000,144,768 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/06/29 00:16:57 | 000,000,943 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\coreavc.ini
[2011/06/28 09:17:06 | 000,142,848 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 12:28:30 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/21 07:00:05 | 000,007,638 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2011/06/17 15:48:15 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2011/06/17 15:43:47 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/06/17 15:27:41 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2011/06/17 15:22:40 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/06/17 15:21:21 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2011/06/17 15:21:21 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/06/17 15:17:11 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/06/17 14:53:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll

========== LOP Check ==========

[2011/06/21 01:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\acccore
[2011/06/28 08:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ACD Systems
[2011/12/06 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Antares
[2011/08/09 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/08/20 00:55:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\dBpoweramp
[2011/07/28 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DonationCoder
[2012/03/18 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Evaer
[2011/08/09 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\grepWin
[2012/02/08 17:42:45 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\HDRsoft
[2012/05/11 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\IMVU
[2012/05/11 05:20:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\IMVUClient
[2012/03/17 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2011/09/14 14:05:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leawo
[2012/01/20 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ManyCam
[2012/03/10 00:24:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\NoNameScript
[2012/05/28 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2012/02/04 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Origin
[2011/08/20 01:46:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Publish Providers
[2011/11/04 11:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Renegade
[2011/08/20 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Sony
[2011/06/28 13:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SorensonMedia
[2011/07/14 17:04:00 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/10 00:17:24 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SynthMaker
[2012/05/12 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2011/10/20 23:20:40 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Template
[2011/07/14 23:24:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ThePluginSite
[2011/09/08 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\toshiba
[2011/10/14 08:08:44 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Unity
[2012/06/03 03:45:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2011/06/17 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2012/05/09 12:40:36 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/28 00:25:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/13 05:41:54 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009/02/07 14:24:56 | 000,000,063 | ---- | M] () -- C:\gabest_splitter_disable.cmd
[2009/02/07 14:22:58 | 000,000,060 | ---- | M] () -- C:\gabest_splitter_enable.cmd
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/03 16:22:55 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/06/28 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/21 01:28:03 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2009/02/07 14:20:02 | 000,450,560 | ---- | M] (Gabest) -- C:\MatroskaSplitterx86.ax
[2011/06/28 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/03 16:23:00 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/04/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
[2010/04/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:28:13 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:28:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 6/3/2012 5:05:33 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ryan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 72.50% Memory free
3.50 Gb Paging File | 2.88 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 67.25 Gb Free Space | 30.11% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (http://tools.tortoisesvn.net)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.3.3470
"{26A24AE4-039D-4CA4-87B4-2F83216029F0}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{274D6CBD-5320-42BC-98D3-AA980453A570}" = SetupChecker
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8901E8-FD84-4C4C-9BC9-55E2282A6D6D}" = BigPOP
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C085527-4F36-4F0B-8C95-EF55DB6E9132}" = grepWin
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced AI Mod0.98b" = Advanced AI Mod
"AhaView" = AhaView
"AIM_7" = AIM 7
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ContrastMaster 1.06 (Standalone/Lightroom)_is1" = ContrastMaster 1.06 (Standalone/Lightroom)
"DivX Setup" = DivX Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.2.3.15
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"Game Booster_is1" = Game Booster 3
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDroo" = IDroo 1.0.0.154
"IL Download Manager" = IL Download Manager
"Image'in Winamp by WinampFR" = Image'in Winamp by WinampFR
"InFlac" = InFlac 1.1.1
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PFPortChecker" = PFPortChecker 1.0.39
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.4
"PoiZone" = PoiZone
"RegEditX" = RegEditX
"Renegade" = Command & Conquer Renegade
"RMVB Player_is1" = RMVB Player 1.0.1
"Sakura" = Sakura
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TibEd2" = TibEd 2
"Toxic Biohazard" = Toxic Biohazard
"URLSnooper 2_is1" = URL Snooper v2.29.01
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VobSub" = VobSub v2.08 (Remove Only)
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"Window Washer" = Window Washer
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WOLAPI" = Westwood Shared Internet Components
"XCC Utilities" = XCC Utilities 1.46
"xvid" = Xvid MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Google Chrome" = Google Chrome
"NoNameScript" = NNScript
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2012 12:16:35 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3161, time stamp:
0x4e0cc0ab Faulting module name: nsutil.dll, version: 0.0.0.0, time stamp: 0x4e0cc0b5
Exception
code: 0xc0000005 Fault offset: 0x00060836 Faulting process id: 0x1c34 Faulting application
start time: 0x01cd0b073535e948 Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: C:\Program Files\Winamp\nsutil.dll Report Id: 795f86af-76fa-11e1-bb43-002622f172b3

Error - 3/28/2012 3:52:22 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3161, time stamp:
0x4e0cc0ab Faulting module name: nsutil.dll, version: 0.0.0.0, time stamp: 0x4e0cc0b5
Exception
code: 0xc0000005 Fault offset: 0x00060836 Faulting process id: 0x1138 Faulting application
start time: 0x01cd0cb7ae7e825e Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: C:\Program Files\Winamp\nsutil.dll Report Id: f2c4979a-78aa-11e1-b42c-002622f172b3

Error - 4/12/2012 3:48:35 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.0.124, time stamp:
0x4e96a02b Faulting module name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Exception
code: 0xc0000005 Fault offset: 0x0000b52a Faulting process id: 0xfcc Faulting application
start time: 0x01cd17f1a34fb5b0 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\Skype.exe Report Id: e7c0b2f7-8473-11e1-90cc-002622f172b3

Error - 4/17/2012 3:13:41 AM | Computer Name = Ryan-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Live Messenger' could not be shut
down.

Error - 4/17/2012 3:36:36 PM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.0.124, time stamp:
0x4e96a02b Faulting module name: d3d9.dll, version: 2.0.2.5, time stamp: 0x4ed9bef2
Exception
code: 0xc0000005 Fault offset: 0x0000ad50 Faulting process id: 0xe88 Faulting application
start time: 0x01cd1cd0c5cd7490 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\d3d9.dll Report Id: a4e3dac1-88c4-11e1-bfb9-002622f172b3

Error - 4/17/2012 5:31:47 PM | Computer Name = Ryan-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/25/2012 3:20:27 AM | Computer Name = Ryan-PC | Source = Google Update | ID = 20
Description =

Error - 5/7/2012 2:23:02 AM | Computer Name = Ryan-PC | Source = TOSHIBA Service Station | ID = 0
Description = Cannot start service TMachInfo on computer '.'.

Error - 5/7/2012 2:23:02 AM | Computer Name = Ryan-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

Error - 5/10/2012 12:17:27 PM | Computer Name = Ryan-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11/28/2011 6:24:07 AM | Computer Name = Ryan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 11/28/2011 6:24:07 AM | Computer Name = Ryan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 11/28/2011 6:24:07 AM | Computer Name = Ryan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 11/28/2011 6:24:07 AM | Computer Name = Ryan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 11/28/2011 6:24:07 AM | Computer Name = Ryan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 11/28/2011 6:40:17 AM | Computer Name = Ryan-PC | Source = ipnathlp | ID = 34001
Description =

Error - 11/28/2011 1:12:40 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/28/2011 1:12:40 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/28/2011 2:14:17 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/28/2011 2:14:17 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-03 19:04:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2576GSX rev.GS001A
Running: vo7s2vtu.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\kxldrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5D539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C82092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88545000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8858A000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E63E000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3340] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 6A11C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3340] kernel32.dll!MapViewOfFile 7786C05C 5 Bytes JMP 6A34E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3340] kernel32.dll!VirtualAlloc 77870594 5 Bytes JMP 6A34E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3340] GDI32.dll!CreateDIBSection 772985F0 5 Bytes JMP 6A34E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 03 June 2012 - 08:02 PM

Hello, ryanjpr89.

P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.



Also...are you running an antivirus? I don't see one in your logs.





Ask Toolbar Warning"

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware and is recommended you remove.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to add/Remove Programs and uninstall it.







Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 June 2012 - 08:26 PM

I actually do use malwarebyes anti malware, I just updated it before I posted those logs and did a quick scan, and it came up clean, I'm not doing a full scan, waiting for it to finish. I know the risks of uses Utorrent, and I only use trusted sites, i've had it for a while and never had problems, I've never gotten a virus from the private website I use it for.

Here's the logs for the Farbar service scan.



Farbar Service Scanner Version: 27-05-2012
Ran by SYSTEM (administrator) on 03-06-2012 at 21:24:37
Running from "C:\Users\Ryan\Desktop"
Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2011-08-09 17:01] - [2011-06-21 01:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1

C:\windows\system32\dnsrslvr.dll
[2011-08-09 17:01] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-08-09 19:26] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll
[2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#7 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 June 2012 - 08:33 PM

Also, i'm still having problems when I try to use sharing on my wireless internet I go to the sharing tab and it says this ""Windows cannot display the Properties of this connection. The Windows Management Instrumentation (WMI) information might be corrupted.

To correct this, use System Restore to restore Windows to an earlier time (called a restore point). System Restore is located in the System Tools folder in Accessories." I don't wanna do system restore due to it might causing a virus to reappear and i'm pretty sure the viruses I had deleted all my restore points, so I need to fix the WMI."

I also cannot start the windows firewall service with the error message "Windows could not start Windows Firewall on Local Computer. For more information, review the System Event Log. If this is a non-microsoft service, contact the service vendor, and refer to service-specific error code 5."

Here is the system event log message "The Windows Firewall service terminated with service-specific error Access is denied.."

Aswell as the Function Discovery Resource Publication service will not start with the error message "Windows could not start the Function Discovery Resource Publication service on the local computer. error 0x80070005: Access is denied.

Even viewer shows this about the service "The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891"

Edited by ryanjpr89, 03 June 2012 - 08:38 PM.


#8 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 June 2012 - 08:52 PM

The full scan on malwarebyres anti malware was completed, nothing was found. I cannot remove the ask.com toolbar it came with oovoo and says internet explorer is open when I try to uninstall it from add/remove programs, there's no option to remove it under IE addons, just a disable option. I'll restart my computer later, and try to remove it, but i'm not worried about it since it was installed after I had all the viruses, and I trust oovoo.

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 04 June 2012 - 07:13 PM

Hello, ryanjpr89.

Do you have an antivirus installed? I only saw Malwarebytes' Anti-Malware which is not an antivirus.


Given the issues on the machine, let's go ahead and run Combofix.


Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 04 June 2012 - 10:59 PM

seems like combofix solved all my problems, desktop icons are working and every other problem I posted seems to be fixed now, thank you for the help.

ComboFix 12-06-04.03 - Ryan 06/04/2012 23:35:05.1.1 - x86
Running from: c:\users\Ryan\Desktop\etavaresCF.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 03:45 . 2012-06-05 03:47 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-06-05 03:45 . 2012-06-05 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 01:38 . 2012-05-29 01:39 -------- d-----w- c:\users\Ryan\AppData\Roaming\ooVoo Details
2012-05-29 01:38 . 2012-05-29 01:38 -------- d-----w- c:\program files\Ask.com
2012-05-24 02:42 . 2012-05-24 02:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-11 09:26 . 2012-05-11 09:26 -------- d-----w- c:\users\Ryan\AppData\Roaming\IMVU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 19:57 . 2012-04-07 16:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 19:57 . 2011-06-17 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 05:30 . 2012-05-01 05:30 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 05:30 . 2011-06-17 17:05 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 05:21 . 2012-05-01 05:18 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-17 21:38 . 2012-04-17 21:38 14744 ----a-w- c:\users\Ryan\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2012-04-04 19:56 . 2011-06-19 05:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 17:35 . 2012-03-17 17:35 53248 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-04 00:28 . 2011-07-22 04:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-08-28 04:17 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW14EN]
2011-09-20 04:57 1231472 ----a-w- c:\program files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 21:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-05-04 19:43 1561768 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avichannel]
2011-12-05 04:44 1690112 ----a-w- c:\program files\Evaer\videochannel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-03-10 08:12 137536 ----atw- c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-11 16:23 136176 ----atw- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2009-06-02 16:24 425984 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 04:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 12:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-03 07:47 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2009-07-10 02:38 352256 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-02-11 17:45 1295736 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 19:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 21:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 18:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-05-01 28488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-09 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 135664]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2012-03-19 1867480]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-08-28 332272]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-BID Drop Box - c:\program files\Bulk Image Downloader\BIDDropBox.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-3933831232-4058156761-3136886079-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CISVC.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-04 23:54:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 03:54
.
Pre-Run: 70,016,688,128 bytes free
Post-Run: 71,438,680,064 bytes free
.
- - End Of File - - 2B521E4F4C63FAA1C3744BCF53D3E3BD

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 05 June 2012 - 07:38 PM

Hello, ryanjpr89.

Great news! HOwever, we still have work to do.

Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_USERS\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 06 June 2012 - 04:54 AM

Here is the log you requested, I downloaded Kaspersky antivirus trial, and when the trial runs up i'll try out Avast!





ComboFix 12-06-05.04 - Ryan 06/06/2012 5:35.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1253 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\etavaresCF.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan\Desktop\Setup.exe
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 09:47 . 2012-06-06 09:47 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-06-06 09:47 . 2012-06-06 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 01:38 . 2012-05-29 01:39 -------- d-----w- c:\users\Ryan\AppData\Roaming\ooVoo Details
2012-05-29 01:38 . 2012-05-29 01:38 -------- d-----w- c:\program files\Ask.com
2012-05-24 02:42 . 2012-05-24 02:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-11 09:26 . 2012-05-11 09:26 -------- d-----w- c:\users\Ryan\AppData\Roaming\IMVU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 19:57 . 2012-04-07 16:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 19:57 . 2011-06-17 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 05:30 . 2012-05-01 05:30 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 05:30 . 2011-06-17 17:05 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 05:21 . 2012-05-01 05:18 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-17 21:38 . 2012-04-17 21:38 14744 ----a-w- c:\users\Ryan\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2012-04-04 19:56 . 2011-06-19 05:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 17:35 . 2012-03-17 17:35 53248 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-04 00:28 . 2011-07-22 04:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-08-28 04:17 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW14EN]
2011-09-20 04:57 1231472 ----a-w- c:\program files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 21:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-05-04 19:43 1561768 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avichannel]
2011-12-05 04:44 1690112 ----a-w- c:\program files\Evaer\videochannel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-03-10 08:12 137536 ----atw- c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-11 16:23 136176 ----atw- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2009-06-02 16:24 425984 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 04:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 12:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-03 07:47 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2009-07-10 02:38 352256 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-02-11 17:45 1295736 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 19:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 21:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 18:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-05-01 28488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-09 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 135664]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2012-03-19 1867480]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-08-28 332272]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 05:51:17
ComboFix-quarantined-files.txt 2012-06-06 09:51
ComboFix2.txt 2012-06-05 03:54
.
Pre-Run: 55,030,431,744 bytes free
Post-Run: 54,981,857,280 bytes free
.
- - End Of File - - B6D89839F717846C398094EC5F5C470E

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 06 June 2012 - 07:26 PM

Hello, ryanjpr89.


Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 30 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 29
    Java 6 Update 32
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updates the languages and/or dictionaries is optional.



Step 3

Please run OTL, click Quick Scan and post the resulting log here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 ryanjpr89

ryanjpr89
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 28 June 2012 - 04:28 AM

Sorry for the late reply, but it seems like the problem is back. Function Discovery Resource Publication service will not start, along with ipsec service, and IKE and authIP service. Windows firewall service doesn't even show up under services list now, and will not start again. I tried scanning with my anti virus, and malware, but nothing come up. here is the otl report.



OTL logfile created on: 6/27/2012 10:05:59 AM - Run 2
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ryan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.61% Memory free
3.50 Gb Paging File | 2.57 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 28.21 Gb Free Space | 12.63% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 19:09:06 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/21 13:46:20 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/06/03 17:04:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/06/30 14:30:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/25 19:09:06 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/22 20:26:33 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/29 04:00:00 | 003,862,016 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2011/08/29 04:00:00 | 003,578,880 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/08/29 04:00:00 | 000,327,680 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll
MOD - [2011/07/02 00:28:15 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2011/07/02 00:28:15 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2011/07/02 00:28:15 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2011/07/02 00:28:15 | 000,103,936 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2011/07/02 00:28:15 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2011/07/02 00:28:15 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2011/07/02 00:28:15 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2011/07/02 00:28:15 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2011/07/02 00:28:15 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2011/07/02 00:28:15 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2011/07/02 00:28:15 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2011/07/02 00:28:15 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2011/07/02 00:28:15 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2011/07/02 00:28:15 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2011/07/02 00:28:15 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2011/07/02 00:28:15 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2011/07/02 00:28:15 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2011/07/02 00:28:15 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2011/07/02 00:28:14 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2011/07/02 00:28:14 | 000,340,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2011/07/02 00:28:14 | 000,312,832 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2011/07/02 00:28:14 | 000,293,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2011/07/02 00:28:14 | 000,285,696 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2011/07/02 00:28:14 | 000,252,416 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2011/07/02 00:28:14 | 000,250,368 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2011/07/02 00:28:14 | 000,241,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2011/07/02 00:28:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2011/07/02 00:28:14 | 000,183,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/07/02 00:28:14 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/07/02 00:28:14 | 000,165,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2011/07/02 00:28:14 | 000,125,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2011/07/02 00:28:14 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/07/02 00:28:14 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2011/07/02 00:28:14 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2011/07/02 00:28:14 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2011/07/02 00:28:14 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2011/07/02 00:28:14 | 000,082,944 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2011/07/02 00:28:14 | 000,074,752 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2011/07/02 00:28:14 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2011/07/02 00:28:14 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2011/07/02 00:28:14 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2011/07/02 00:28:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2011/07/02 00:28:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2011/07/02 00:28:14 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2011/07/02 00:28:14 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2011/07/02 00:28:14 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2011/07/02 00:28:14 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2011/07/02 00:28:14 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2011/07/02 00:28:14 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2011/07/02 00:28:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_Loop.dll
MOD - [2011/07/02 00:28:14 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2011/07/02 00:28:14 | 000,031,744 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2011/07/02 00:28:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2011/07/02 00:28:14 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/07/02 00:28:14 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/07/02 00:28:14 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2011/07/02 00:28:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2011/07/02 00:28:14 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2011/07/02 00:28:14 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2011/07/02 00:28:14 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2011/07/02 00:28:14 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2011/07/02 00:28:14 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2011/07/02 00:28:13 | 000,410,624 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2011/07/02 00:28:13 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2011/07/02 00:28:13 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/03 06:40:46 | 000,552,960 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax
MOD - [2011/03/03 06:40:08 | 000,150,528 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll
MOD - [2011/03/03 06:35:32 | 000,080,384 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2011/03/03 06:35:26 | 000,024,576 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2010/04/07 14:44:00 | 000,797,184 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\ac3filter.ax
MOD - [2007/02/28 05:53:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_msn.dll
MOD - [2004/12/10 11:15:34 | 000,221,184 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - [2012/06/22 20:26:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/19 00:54:46 | 001,867,480 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/01/09 05:30:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/09 19:28:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/17 15:42:47 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/17 13:05:14 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2011/06/17 13:05:14 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/17 15:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/28 00:17:26 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/28 00:17:23 | 000,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/30 02:54:10 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/13 21:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009/07/13 21:15:33 | 000,497,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2009/07/13 21:14:14 | 000,020,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\CISVC.EXE -- (CISVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ryan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/06/06 06:07:22 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/29 03:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 20:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 15:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 17:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/05 03:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {3C14A3AB-030D-4E43-B6D3-294436FCFB3C}
IE - HKLM\..\SearchScopes\{3C14A3AB-030D-4E43-B6D3-294436FCFB3C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\SearchScopes,DefaultScope = {4CD2368C-6D80-4D10-8E6A-46595DE6D52C}
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\SearchScopes\{4CD2368C-6D80-4D10-8E6A-46595DE6D52C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS436
IE - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ryan\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 09:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/06/06 06:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/06/06 06:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 14:31:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000EE7C757C72B2D65BD15E3B4A8419F7D87

[2011/07/22 00:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/06/26 22:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions
[2012/05/30 20:35:48 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/03/30 04:15:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/06 20:43:22 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/08/09 22:33:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\backup{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/14 14:07:27 | 000,000,000 | ---D | M] ("Advanced Cookie Manager") -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\cookiemgr@jayapal.com
[2011/09/07 16:41:47 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\extensions\TooManyTabs@visibotech.com
[2011/08/08 05:00:31 | 000,000,914 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\4223mwf2.default\searchplugins\dictionarycom.xml
[2012/06/19 17:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/19 17:03:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/31 07:10:19 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2011/07/28 04:48:14 | 000,003,406 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{A66191D8-898B-4A66-89BE-D5B279477A54}.XPI
[2012/01/05 17:17:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/16 21:13:30 | 000,014,108 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
[2011/07/28 04:41:39 | 000,004,416 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\OICTAB@TELEKAWARU.COM.XPI
[2011/07/28 04:41:39 | 000,008,863 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\OPENMULTIPLELOCATIONS@JORDANMATUSZEK.COM.XPI
[2012/04/20 21:11:07 | 000,097,687 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\TABUTILS@ITHINC.CN.XPI
[2011/07/28 04:41:39 | 000,012,095 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4223MWF2.DEFAULT\EXTENSIONS\URLLISTER@BINNYVA.COM.XPI
[2012/06/22 20:26:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/22 20:26:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/22 20:26:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Ryan\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/06/23 16:42:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3933831232-4058156761-3136886079-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A3E319B-AB2D-453C-A74C-785A419435D4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: ACSW14EN - hkey= - key= - C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: avichannel - hkey= - key= - C:\Program Files\Evaer\videochannel.exe (Evaer)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig - StartUpReg: KeNotify - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MyTOSHIBA - hkey= - key= - C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
MsConfig - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Window Washer - hkey= - key= - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 03:05:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\New folder (2)
[2012/06/25 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Macromedia
[2012/06/23 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/23 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/23 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Notepad++
[2012/06/23 20:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/06/23 20:34:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\OxygenXMLEditor
[2012/06/23 20:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\com.oxygenxml
[2012/06/23 20:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxygen XML Editor 13.2
[2012/06/23 20:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen XML Editor 13
[2012/06/23 19:31:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\data
[2012/06/23 19:04:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\assist
[2012/06/23 16:56:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/23 16:32:39 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/23 16:32:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\temp
[2012/06/23 16:14:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/23 15:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 15:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 15:33:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/23 15:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/23 15:32:41 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/21 22:26:04 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2012/06/21 22:26:04 | 000,000,000 | RH-D | C] -- C:\Users\Ryan\AppData\Roaming\SecuROM
[2012/06/21 21:24:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TibEd 2
[2012/06/21 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Command & Conquer 3 Tiberium Wars
[2012/06/21 21:17:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/06/21 13:45:41 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Ryan\Desktop\utorrent.exe
[2012/06/21 13:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/06/19 20:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2012/06/19 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Hacker
[2012/06/19 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B54CD990-9B56-42DB-A91F-00DF8113DEB2}
[2012/06/09 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/06 06:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/06/06 06:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/06 06:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/06/06 06:07:22 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2012/06/04 23:32:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/04 23:32:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/04 23:32:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/04 23:32:46 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/04 23:32:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 17:04:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/05/28 21:38:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2012/05/28 21:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 07:33:49 | 000,005,452 | ---- | M] () -- C:\Users\Ryan\Desktop\UserTask.xml
[2012/06/27 05:02:17 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\random.dat
[2012/06/27 04:52:00 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/06/26 23:26:22 | 000,000,043 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/06/26 16:00:34 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 16:00:34 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 15:51:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/26 15:51:36 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 22:48:02 | 011,119,481 | ---- | M] () -- C:\Users\Ryan\Desktop\25 - RAZORS.OUT.mp3
[2012/06/24 20:23:07 | 000,092,634 | ---- | M] () -- C:\Users\Ryan\Documents\NOD.TibEd2project
[2012/06/24 08:19:58 | 000,000,284 | ---- | M] () -- C:\Users\Ryan\Desktop\run.bat
[2012/06/23 23:56:46 | 000,093,444 | ---- | M] () -- C:\Users\Ryan\Desktop\test2.tibed2project
[2012/06/23 23:24:54 | 000,000,193 | ---- | M] () -- C:\windows\WORDPAD.INI
[2012/06/23 21:53:26 | 000,110,101 | ---- | M] () -- C:\Users\Ryan\Documents\gdi3.TibEd2project
[2012/06/23 19:10:41 | 001,711,594 | ---- | M] () -- C:\Users\Ryan\Desktop\cnc3_modsdkexpansion.rar
[2012/06/23 18:57:55 | 000,093,289 | ---- | M] () -- C:\Users\Ryan\Documents\test2.TibEd2project
[2012/06/23 18:53:35 | 000,487,184 | ---- | M] () -- C:\Users\Ryan\Desktop\finalbig036b.zip
[2012/06/23 16:57:52 | 000,007,640 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2012/06/23 16:42:05 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/06/23 15:33:31 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 15:32:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/22 15:10:45 | 000,001,730 | ---- | M] () -- C:\Users\Ryan\Desktop\CNC3.exe - Shortcut.lnk
[2012/06/22 12:59:37 | 000,662,328 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/22 12:59:37 | 000,121,984 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/21 22:26:04 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2012/06/21 22:12:18 | 276,520,960 | ---- | M] () -- C:\Users\Ryan\Desktop\CNC3_patch109_eng.exe
[2012/06/21 21:55:30 | 000,022,881 | ---- | M] () -- C:\Users\Ryan\Documents\test.TibEd2project
[2012/06/21 21:24:58 | 000,001,028 | ---- | M] () -- C:\Users\Ryan\Desktop\Generals Mod Selector.lnk
[2012/06/21 21:24:58 | 000,000,961 | ---- | M] () -- C:\Users\Ryan\Desktop\TibEd 2.lnk
[2012/06/21 16:58:24 | 018,401,585 | ---- | M] () -- C:\Users\Ryan\Desktop\generalszh-104-english.exe
[2012/06/21 16:56:14 | 020,237,621 | ---- | M] () -- C:\Users\Ryan\Desktop\Generals-108-english.zip
[2012/06/21 13:46:20 | 000,000,952 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/21 13:46:20 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/06/21 13:45:44 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Ryan\Desktop\utorrent.exe
[2012/06/21 03:04:58 | 000,000,044 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/06/18 18:31:46 | 004,444,038 | ---- | M] () -- C:\Users\Ryan\Desktop\Some Nights.mp3
[2012/06/17 22:35:27 | 005,888,642 | ---- | M] () -- C:\Users\Ryan\Desktop\Mythos - 03 - Alten Mara.mp3
[2012/06/17 17:11:14 | 000,364,568 | ---- | M] () -- C:\Users\Ryan\Desktop\prayer cape.png
[2012/06/13 01:05:04 | 006,738,616 | ---- | M] () -- C:\Users\Ryan\Desktop\answer_the_call.mp3
[2012/06/06 06:30:01 | 000,017,408 | ---- | M] () -- C:\Users\Ryan\AppData\Local\WebpageIcons.db
[2012/06/06 06:09:28 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2012/06/06 06:09:28 | 000,097,961 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2012/06/06 06:07:22 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2012/06/03 17:04:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/05/30 18:56:14 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 07:33:49 | 000,005,452 | ---- | C] () -- C:\Users\Ryan\Desktop\UserTask.xml
[2012/06/25 01:51:25 | 011,119,481 | ---- | C] () -- C:\Users\Ryan\Desktop\25 - RAZORS.OUT.mp3
[2012/06/24 05:40:30 | 000,092,634 | ---- | C] () -- C:\Users\Ryan\Documents\NOD.TibEd2project
[2012/06/23 21:53:26 | 000,110,101 | ---- | C] () -- C:\Users\Ryan\Documents\gdi3.TibEd2project
[2012/06/23 19:10:39 | 001,711,594 | ---- | C] () -- C:\Users\Ryan\Desktop\cnc3_modsdkexpansion.rar
[2012/06/23 18:58:05 | 000,093,444 | ---- | C] () -- C:\Users\Ryan\Desktop\test2.tibed2project
[2012/06/23 18:53:46 | 001,011,712 | ---- | C] () -- C:\Users\Ryan\Desktop\FinalBIG.exe
[2012/06/23 18:53:46 | 000,046,884 | ---- | C] () -- C:\Users\Ryan\Desktop\finalbig.ini
[2012/06/23 18:53:32 | 000,487,184 | ---- | C] () -- C:\Users\Ryan\Desktop\finalbig036b.zip
[2012/06/23 15:33:31 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 11:02:16 | 000,000,284 | ---- | C] () -- C:\Users\Ryan\Desktop\run.bat
[2012/06/22 15:10:22 | 000,001,730 | ---- | C] () -- C:\Users\Ryan\Desktop\CNC3.exe - Shortcut.lnk
[2012/06/22 13:13:18 | 000,093,289 | ---- | C] () -- C:\Users\Ryan\Documents\test2.TibEd2project
[2012/06/21 22:04:01 | 276,520,960 | ---- | C] () -- C:\Users\Ryan\Desktop\CNC3_patch109_eng.exe
[2012/06/21 21:55:30 | 000,022,881 | ---- | C] () -- C:\Users\Ryan\Documents\test.TibEd2project
[2012/06/21 21:24:58 | 000,001,028 | ---- | C] () -- C:\Users\Ryan\Desktop\Generals Mod Selector.lnk
[2012/06/21 21:24:58 | 000,000,961 | ---- | C] () -- C:\Users\Ryan\Desktop\TibEd 2.lnk
[2012/06/21 16:56:58 | 018,401,585 | ---- | C] () -- C:\Users\Ryan\Desktop\generalszh-104-english.exe
[2012/06/21 16:55:01 | 020,237,621 | ---- | C] () -- C:\Users\Ryan\Desktop\Generals-108-english.zip
[2012/06/18 18:28:31 | 004,444,038 | ---- | C] () -- C:\Users\Ryan\Desktop\Some Nights.mp3
[2012/06/17 22:30:53 | 005,888,642 | ---- | C] () -- C:\Users\Ryan\Desktop\Mythos - 03 - Alten Mara.mp3
[2012/06/17 17:11:02 | 000,364,568 | ---- | C] () -- C:\Users\Ryan\Desktop\prayer cape.png
[2012/06/13 01:04:38 | 006,738,616 | ---- | C] () -- C:\Users\Ryan\Desktop\answer_the_call.mp3
[2012/06/06 06:29:57 | 000,017,408 | ---- | C] () -- C:\Users\Ryan\AppData\Local\WebpageIcons.db
[2012/06/06 06:09:28 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2012/06/06 06:09:28 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2012/06/04 23:32:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/04 23:32:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/04 23:32:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/04 23:32:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/04 23:32:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/30 18:56:14 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2011/11/28 14:16:40 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{669124CD-0DE4-43A2-8349-F47546F0E35E}
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011/10/20 23:20:38 | 000,000,084 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2011/09/09 05:51:43 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
[2011/09/05 10:05:56 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/09/05 10:05:55 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/09/05 10:05:55 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/09/05 10:05:55 | 000,074,752 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/08/23 00:03:12 | 000,000,035 | ---- | C] () -- C:\windows\worldbuilder.INI
[2011/08/19 21:27:11 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/08/16 09:32:51 | 000,000,980 | ---- | C] () -- C:\windows\eReg.dat
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2011/08/09 18:18:57 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/07/31 06:31:44 | 000,001,456 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/07/31 06:29:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/07/31 00:37:13 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{A44AE0F3-7BCB-4DC2-96DC-FBFC0510D98B}
[2011/07/28 15:30:17 | 000,000,046 | ---- | C] () -- C:\windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2011/07/20 04:18:51 | 002,392,064 | ---- | C] () -- C:\windows\System32\videotrans.dll
[2011/07/20 04:18:51 | 000,215,040 | ---- | C] () -- C:\windows\System32\videoformat.dll
[2011/07/20 04:18:51 | 000,061,440 | ---- | C] () -- C:\windows\System32\imgscaler.dll
[2011/07/20 04:18:51 | 000,022,016 | ---- | C] () -- C:\windows\System32\img_utils.dll
[2011/07/20 04:18:51 | 000,017,920 | ---- | C] () -- C:\windows\System32\videocore.dll
[2011/07/07 01:25:10 | 003,835,624 | ---- | C] () -- C:\windows\System32\SpoonUninstall.exe
[2011/07/04 18:26:05 | 000,144,768 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/06/29 00:16:57 | 000,000,943 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\coreavc.ini
[2011/06/28 09:17:06 | 000,142,848 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 12:28:30 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/21 07:00:05 | 000,007,640 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2011/06/17 15:48:15 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2011/06/17 15:43:47 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/06/17 15:27:41 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2011/06/17 15:22:40 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/06/17 15:21:21 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2011/06/17 15:21:21 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/06/17 15:17:11 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/06/17 14:53:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2011/06/21 01:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\acccore
[2011/06/28 08:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ACD Systems
[2011/12/06 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Antares
[2011/08/09 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012/06/23 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\com.oxygenxml
[2012/06/21 21:20:22 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/08/20 00:55:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\dBpoweramp
[2011/07/28 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DonationCoder
[2012/03/18 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Evaer
[2011/08/09 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\grepWin
[2012/02/08 17:42:45 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\HDRsoft
[2012/05/11 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\IMVU
[2012/05/11 05:20:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\IMVUClient
[2012/03/17 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2011/09/14 14:05:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leawo
[2012/01/20 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ManyCam
[2012/03/10 00:24:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\NoNameScript
[2012/06/23 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Notepad++
[2012/05/28 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2012/02/04 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Origin
[2011/08/20 01:46:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Publish Providers
[2011/11/04 11:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Renegade
[2011/08/20 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Sony
[2011/06/28 13:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SorensonMedia
[2011/07/14 17:04:00 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/10 00:17:24 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SynthMaker
[2012/05/12 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2011/10/20 23:20:40 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Template
[2011/07/14 23:24:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ThePluginSite
[2011/09/08 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\toshiba
[2011/10/14 08:08:44 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Unity
[2012/06/27 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2011/06/17 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2012/06/23 16:13:02 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/28 00:25:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/23 16:58:21 | 000,018,010 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/13 05:41:54 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009/02/07 14:24:56 | 000,000,063 | ---- | M] () -- C:\gabest_splitter_disable.cmd
[2009/02/07 14:22:58 | 000,000,060 | ---- | M] () -- C:\gabest_splitter_enable.cmd
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/26 15:51:36 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/06/28 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/21 01:28:03 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2009/02/07 14:20:02 | 000,450,560 | ---- | M] (Gabest) -- C:\MatroskaSplitterx86.ax
[2011/06/28 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/26 15:51:42 | 1877,393,408 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/04/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
[2010/04/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/22 20:26:30 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/22 20:26:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/08 23:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/12 04:07:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/12 04:07:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 28 June 2012 - 09:21 PM

Hello, ryanjpr89.

P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case Bittorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.







Ask Toolbar Warning"

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware and is recommended you remove.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to add/Remove Programs and uninstall it.







Step 1

It looks like you ran combofix a couple of days ago. Please post C:\combofix.txt



Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users