TechSpot

Need step by step help on sirefef.y virus removal

Solved
By silentjester
Jun 17, 2012
  1. It seems that my computer has contracted the dreaded sirefef.y virus and will not stay on for longer than a minute or so. If anyone could please help me, it would be greatly appreciated.
    Thanks
    Silent Jester
  2. silentjester

    Ok, I have run FRST; here are the results... please, someone help me.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012
    Ran by Owner at 17-06-2012 02:17:10
    Running from D:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.The operation completed successfully.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

    ============ One Month Created Files and Folders ==============
    2012-06-17 02:17 - 2012-06-17 02:17 - 00000000 ____D C:\FRST
    2012-06-17 00:56 - 2012-06-17 01:47 - 00533594 ____A C:\Windows\ntbtlog.txt
    2012-06-17 00:56 - 2012-06-17 00:56 - 00002728 ____A C:\Windows\PFRO.log
    2012-06-17 00:14 - 2012-06-17 00:14 - 00743840 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-17 00:14 - 2012-06-17 00:14 - 00743840 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-17 00:14 - 2012-06-17 00:14 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-17 00:14 - 2012-06-17 00:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-17 00:14 - 2012-06-17 00:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-16 23:51 - 2012-06-16 23:51 - 00000048 ____A C:\Windows\wininit.ini
    2012-06-16 23:51 - 2011-10-05 22:57 - 00161720 ____A C:\Program Files (x86)\2pres.dll
    2012-06-16 18:26 - 2012-06-17 02:14 - 00000392 ____A C:\Windows\setupact.log
    2012-06-16 18:26 - 2012-06-16 18:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-16 12:08 - 2012-06-17 04:48 - 00000000 ____D C:\Program Files\Alwil Software
    2012-06-16 12:08 - 2012-06-17 00:50 - 00001863 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-06-16 12:08 - 2012-06-17 00:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-16 12:08 - 2012-06-17 00:50 - 00000000 ____A C:\Windows\System32\config.nt
    2012-06-16 12:08 - 2012-06-16 12:08 - 00000000 ____D C:\Users\All Users\Alwil Software
    2012-06-16 12:08 - 2012-03-06 19:15 - 00201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-06-16 12:08 - 2012-03-06 19:15 - 00201352 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-06-16 12:08 - 2012-03-06 19:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-06-16 12:02 - 2012-06-16 12:02 - 00001109 ____A C:\Users\Public\Desktop\CCleaner Professional.lnk
    2012-06-16 12:02 - 2012-06-16 12:02 - 00000000 ____D C:\Program Files (x86)\CCleaner Professional
    2012-06-16 12:00 - 2012-06-16 12:03 - 00000000 ____D C:\Users\Owner\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
    2012-06-16 12:00 - 2012-06-16 12:00 - 00000000 ____D C:\Users\Owner\Downloads\CCleaner Professional+Business[A4]
    2012-06-16 11:57 - 2012-06-16 11:58 - 05597814 ____A C:\Users\Owner\Downloads\CCleaner Professional+Business[A4].rar
    2012-06-14 09:02 - 2012-05-17 18:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 09:02 - 2012-05-17 18:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 09:02 - 2012-05-17 18:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 09:02 - 2012-05-17 18:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 09:02 - 2012-05-17 18:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 09:02 - 2012-05-17 18:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 09:02 - 2012-05-17 18:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 09:02 - 2012-05-17 18:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 09:02 - 2012-05-17 18:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 09:02 - 2012-05-17 18:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 09:02 - 2012-05-17 18:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 09:02 - 2012-05-17 18:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 09:02 - 2012-05-17 18:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 09:02 - 2012-05-17 18:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 09:02 - 2012-05-17 18:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 09:02 - 2012-05-17 18:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 09:02 - 2012-05-17 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 09:02 - 2012-05-17 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 09:02 - 2012-05-17 18:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 09:02 - 2012-05-17 18:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 09:02 - 2012-05-17 18:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 09:02 - 2012-05-17 18:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 09:02 - 2012-05-17 18:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 09:02 - 2012-05-17 18:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 09:01 - 2012-05-17 19:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 09:01 - 2012-05-17 19:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 09:01 - 2012-05-17 18:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 09:01 - 2012-05-17 18:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 17:52 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 17:52 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-06-13 17:52 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 17:52 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 17:51 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 17:51 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 17:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 17:28 - 2012-06-14 21:27 - 00011350 ____A C:\Users\Owner\Documents\Media Sales Sheet.xlsx
    2012-05-28 10:40 - 2012-05-28 10:40 - 00001733 ____A C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    2012-05-28 05:54 - 2012-05-28 05:54 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-28 05:54 - 2012-05-28 05:54 - 00000395 ____A C:\Windows\System32\mprdin.ocx
    2012-05-27 14:14 - 2012-05-27 14:26 - 00000000 ____D C:\Users\Owner\Downloads\Blink-182 - Greatest Hits (2005) 320 vtwin88cube
    2012-05-27 14:12 - 2012-05-27 14:12 - 00000000 ____D C:\Users\Owner\Downloads\Drake Ft. Lil Wayne - The Motto[2011]-LW-{HKRG}
    2012-05-27 14:04 - 2012-05-27 14:13 - 00000000 ____D C:\Users\Owner\Downloads\The.Avengers.2012.TS.XviD.AC3-ADTRG
    2012-05-27 13:09 - 2012-05-27 13:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nero
    2012-05-27 13:09 - 2012-05-27 13:09 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-05-27 13:08 - 2012-05-27 13:09 - 00000000 ____D C:\Users\All Users\Nero
    2012-05-27 13:08 - 2012-05-27 13:09 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-05-27 12:59 - 2012-05-27 12:59 - 00000000 ____D C:\Users\Owner\Downloads\Nero Burning ROM 10.5.10300 +Serial [UT]
    2012-05-27 12:15 - 2012-05-27 14:21 - 00000000 ____D C:\Users\Owner\Downloads\Jack Johnson And Friends - Sing A Longs And Lullabies For The Film Curious George [Acoustic][2006][www.pctrecords.com]
    2012-05-27 12:13 - 2012-05-27 12:32 - 00000000 ____D C:\Users\Owner\Downloads\Sublime - Greatest Hits (1999) vtwin88cube
    2012-05-27 12:04 - 2012-05-27 12:04 - 00002144 ____A C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    2012-05-27 12:04 - 2012-05-27 12:04 - 00000000 ____D C:\Program Files (x86)\Search Toolbar
    2012-05-27 11:55 - 2012-05-27 12:06 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro v6.3.0.0805 + Keys [RH]
    2012-05-27 11:45 - 2012-05-27 14:14 - 00000000 ____D C:\Users\Owner\Downloads\Drake - Take Care (Explicit) 2011
    2012-05-27 11:43 - 2012-05-27 11:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xilisoft
    2012-05-27 11:43 - 2012-05-27 11:43 - 00000000 ____D C:\Users\All Users\Xilisoft
    2012-05-27 11:38 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro 6.3.0.20120227 Cracked
    2012-05-27 11:23 - 2012-05-27 12:32 - 00000000 ____D C:\Users\Owner\Downloads\System Of A Down - Kill Rock 'N'Roll Greatest Hits (2008) 320 vtwin88cube
    2012-05-27 10:59 - 2012-05-27 11:14 - 00000000 ____D C:\Users\Owner\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-05-27 10:54 - 2012-05-27 11:22 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - Relapse (2009) (320 Kbps)
    2012-05-27 10:52 - 2012-05-27 11:07 - 00000000 ____D C:\Users\Owner\Downloads\Bad Meets Evil (Eminem) - Hell The Sequel CDRip 2011 [Bubanee]
    2012-05-27 10:44 - 2012-05-27 11:22 - 00000000 ____D C:\Users\Owner\Downloads\[2004] Encore CD1
    2012-05-27 10:42 - 2012-05-27 11:07 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Eminem Show
    2012-05-27 10:41 - 2012-05-27 11:00 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Marshall Mathers LP[2000][MP3@320kbps]-FLAWL3SS
    2012-05-27 10:41 - 2012-05-27 10:52 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Slim Shady LP
    2012-05-27 10:40 - 2012-05-27 10:40 - 00000000 ____D C:\Users\Owner\Downloads\[1996] Infinite
    2012-05-21 17:34 - 2012-05-21 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
    2012-05-21 17:31 - 2012-05-21 17:31 - 00000000 ____D C:\Users\Owner\AppData\Local\My Games
    2012-05-21 17:16 - 2012-05-21 17:20 - 00000000 ____D C:\Users\Owner\Desktop\Civilization V
    2012-05-19 18:07 - 2012-05-19 21:02 - 00000000 ____D C:\Users\Owner\Downloads\Sid Meiers Civilization V-SKIDROW
    2012-05-18 22:52 - 2012-05-12 08:06 - 00009485 ____A C:\Users\Owner\Desktop\skidrow.nfo
    2012-05-18 22:01 - 2012-05-21 17:30 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

    ============ 3 Months Modified Files and Folders ===============
    2012-06-17 04:48 - 2012-06-16 12:08 - 00000000 ____D C:\Program Files\Alwil Software
    2012-06-17 04:48 - 2011-09-03 20:58 - 00000000 ____D C:\Program Files (x86)\SelectRebates
    2012-06-17 04:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64
    2012-06-17 04:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
    2012-06-17 02:17 - 2012-06-17 02:17 - 00000000 ____D C:\FRST
    2012-06-17 02:16 - 2011-10-07 23:29 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-06-17 02:16 - 2011-03-10 21:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2012-06-17 02:15 - 2010-08-30 00:44 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-17 02:14 - 2012-06-16 18:26 - 00000392 ____A C:\Windows\setupact.log
    2012-06-17 02:14 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-17 01:47 - 2012-06-17 00:56 - 00533594 ____A C:\Windows\ntbtlog.txt
    2012-06-17 01:47 - 2010-11-08 09:20 - 01227703 ____A C:\Windows\WindowsUpdate.log
    2012-06-17 00:56 - 2012-06-17 00:56 - 00002728 ____A C:\Windows\PFRO.log
    2012-06-17 00:56 - 2011-03-09 16:56 - 00000000 ____D C:\users\Owner
    2012-06-17 00:56 - 2009-07-13 23:20 - 00000000 ___RD C:\Program Files (x86)
    2012-06-17 00:50 - 2012-06-16 12:08 - 00001863 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-06-17 00:50 - 2012-06-16 12:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-17 00:50 - 2012-06-16 12:08 - 00000000 ____A C:\Windows\System32\config.nt
    2012-06-17 00:14 - 2012-06-17 00:14 - 00743840 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-17 00:14 - 2012-06-17 00:14 - 00743840 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-17 00:14 - 2012-06-17 00:14 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-17 00:14 - 2012-06-17 00:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-17 00:14 - 2012-06-17 00:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-17 00:07 - 2010-08-30 00:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-16 23:51 - 2012-06-16 23:51 - 00000048 ____A C:\Windows\wininit.ini
    2012-06-16 23:51 - 2011-03-17 15:45 - 00000000 ____D C:\Users\AppData\LocalLow
    2012-06-16 23:51 - 2011-03-09 16:56 - 00000000 ____D C:\Users\Owner\AppData\LocalLow
    2012-06-16 18:26 - 2012-06-16 18:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-16 12:08 - 2012-06-16 12:08 - 00000000 ____D C:\Users\All Users\Alwil Software
    2012-06-16 12:05 - 2011-03-10 20:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    2012-06-16 12:05 - 2010-08-30 16:44 - 00000000 ____D C:\Windows\Panther
    2012-06-16 12:03 - 2012-06-16 12:00 - 00000000 ____D C:\Users\Owner\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
    2012-06-16 12:02 - 2012-06-16 12:02 - 00001109 ____A C:\Users\Public\Desktop\CCleaner Professional.lnk
    2012-06-16 12:02 - 2012-06-16 12:02 - 00000000 ____D C:\Program Files (x86)\CCleaner Professional
    2012-06-16 12:00 - 2012-06-16 12:00 - 00000000 ____D C:\Users\Owner\Downloads\CCleaner Professional+Business[A4]
    2012-06-16 11:58 - 2012-06-16 11:57 - 05597814 ____A C:\Users\Owner\Downloads\CCleaner Professional+Business[A4].rar
    2012-06-14 23:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2012-06-14 21:27 - 2012-06-13 17:28 - 00011350 ____A C:\Users\Owner\Documents\Media Sales Sheet.xlsx
    2012-06-14 09:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-06-14 09:30 - 2012-01-12 08:15 - 00000000 __SHD C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    2012-06-13 22:21 - 2011-03-10 21:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
    2012-06-09 22:21 - 2011-04-27 20:52 - 00000000 ____D C:\Users\Owner\Documents\Church Deposits
    2012-05-28 10:40 - 2012-05-28 10:40 - 00001733 ____A C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    2012-05-28 05:54 - 2012-05-28 05:54 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-28 05:54 - 2012-05-28 05:54 - 00000395 ____A C:\Windows\System32\mprdin.ocx
    2012-05-27 14:26 - 2012-05-27 14:14 - 00000000 ____D C:\Users\Owner\Downloads\Blink-182 - Greatest Hits (2005) 320 vtwin88cube
    2012-05-27 14:21 - 2012-05-27 12:15 - 00000000 ____D C:\Users\Owner\Downloads\Jack Johnson And Friends - Sing A Longs And Lullabies For The Film Curious George [Acoustic][2006][www.pctrecords.com]
    2012-05-27 14:14 - 2012-05-27 11:45 - 00000000 ____D C:\Users\Owner\Downloads\Drake - Take Care (Explicit) 2011
    2012-05-27 14:13 - 2012-05-27 14:04 - 00000000 ____D C:\Users\Owner\Downloads\The.Avengers.2012.TS.XviD.AC3-ADTRG
    2012-05-27 14:12 - 2012-05-27 14:12 - 00000000 ____D C:\Users\Owner\Downloads\Drake Ft. Lil Wayne - The Motto[2011]-LW-{HKRG}
    2012-05-27 13:17 - 2012-05-27 13:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nero
    2012-05-27 13:09 - 2012-05-27 13:09 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-05-27 13:09 - 2012-05-27 13:08 - 00000000 ____D C:\Users\All Users\Nero
    2012-05-27 13:09 - 2012-05-27 13:08 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-05-27 13:04 - 2011-03-10 20:49 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-05-27 12:59 - 2012-05-27 12:59 - 00000000 ____D C:\Users\Owner\Downloads\Nero Burning ROM 10.5.10300 +Serial [UT]
    2012-05-27 12:32 - 2012-05-27 12:13 - 00000000 ____D C:\Users\Owner\Downloads\Sublime - Greatest Hits (1999) vtwin88cube
    2012-05-27 12:32 - 2012-05-27 11:23 - 00000000 ____D C:\Users\Owner\Downloads\System Of A Down - Kill Rock 'N'Roll Greatest Hits (2008) 320 vtwin88cube
    2012-05-27 12:06 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro v6.3.0.0805 + Keys [RH]
    2012-05-27 12:04 - 2012-05-27 12:04 - 00002144 ____A C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    2012-05-27 12:04 - 2012-05-27 12:04 - 00000000 ____D C:\Program Files (x86)\Search Toolbar
    2012-05-27 12:03 - 2012-01-15 14:55 - 00000000 ____D C:\Program Files (x86)\Xilisoft
    2012-05-27 11:55 - 2012-05-27 11:38 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro 6.3.0.20120227 Cracked
    2012-05-27 11:43 - 2012-05-27 11:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xilisoft
    2012-05-27 11:43 - 2012-05-27 11:43 - 00000000 ____D C:\Users\All Users\Xilisoft
    2012-05-27 11:22 - 2012-05-27 10:54 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - Relapse (2009) (320 Kbps)
    2012-05-27 11:22 - 2012-05-27 10:44 - 00000000 ____D C:\Users\Owner\Downloads\[2004] Encore CD1
    2012-05-27 11:14 - 2012-05-27 10:59 - 00000000 ____D C:\Users\Owner\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-05-27 11:07 - 2012-05-27 10:52 - 00000000 ____D C:\Users\Owner\Downloads\Bad Meets Evil (Eminem) - Hell The Sequel CDRip 2011 [Bubanee]
    2012-05-27 11:07 - 2012-05-27 10:42 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Eminem Show
    2012-05-27 11:00 - 2012-05-27 10:41 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Marshall Mathers LP[2000][MP3@320kbps]-FLAWL3SS
    2012-05-27 10:52 - 2012-05-27 10:41 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Slim Shady LP
    2012-05-27 10:40 - 2012-05-27 10:40 - 00000000 ____D C:\Users\Owner\Downloads\[1996] Infinite
    2012-05-21 21:20 - 2012-01-21 14:25 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2012-05-21 17:34 - 2012-05-21 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
    2012-05-21 17:31 - 2012-05-21 17:31 - 00000000 ____D C:\Users\Owner\AppData\Local\My Games
    2012-05-21 17:31 - 2011-06-16 21:29 - 00000000 ____D C:\Users\Owner\Documents\My Games
    2012-05-21 17:30 - 2012-05-18 22:01 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
    2012-05-21 17:20 - 2012-05-21 17:16 - 00000000 ____D C:\Users\Owner\Desktop\Civilization V
    2012-05-19 21:02 - 2012-05-19 18:07 - 00000000 ____D C:\Users\Owner\Downloads\Sid Meiers Civilization V-SKIDROW
    2012-05-17 19:11 - 2012-06-14 09:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 19:11 - 2012-06-14 09:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:48 - 2012-06-14 09:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 18:48 - 2012-06-14 09:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:45 - 2012-06-14 09:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 18:45 - 2012-06-14 09:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 18:36 - 2012-06-14 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 18:36 - 2012-06-14 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 18:35 - 2012-06-14 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 18:35 - 2012-06-14 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 18:35 - 2012-06-14 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 18:35 - 2012-06-14 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 18:33 - 2012-06-14 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 18:33 - 2012-06-14 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 18:31 - 2012-06-14 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 18:31 - 2012-06-14 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 18:29 - 2012-06-14 09:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 18:29 - 2012-06-14 09:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 18:29 - 2012-06-14 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 18:29 - 2012-06-14 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 18:27 - 2012-06-14 09:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 18:27 - 2012-06-14 09:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 18:25 - 2012-06-14 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 18:25 - 2012-06-14 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 18:24 - 2012-06-14 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 18:24 - 2012-06-14 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 18:20 - 2012-06-14 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 18:20 - 2012-06-14 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-13 03:30 - 2010-08-30 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-13 03:11 - 2011-03-10 21:45 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-13 03:01 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-12 22:47 - 2012-04-01 14:40 - 00002094 ____A C:\Users\Owner\Desktop\Play Ancient Quest Of Saqqarah.lnk
    2012-05-12 08:06 - 2012-05-18 22:52 - 00009485 ____A C:\Users\Owner\Desktop\skidrow.nfo
    2012-05-09 12:23 - 2012-05-09 12:23 - 00000000 ____D C:\Users\All Users\TERMINAL Studio
    2012-05-08 16:05 - 2012-05-08 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TOMI2.THE GATES OF FATE
    2012-05-08 16:03 - 2012-05-08 16:03 - 00001510 ____A C:\Users\Owner\Desktop\The Treasures of Mystery Island The Gates of Fate.lnk
    2012-05-08 16:01 - 2012-05-05 08:46 - 00000000 ____D C:\Program Files (x86)\Viva Media
    2012-05-05 19:43 - 2012-05-05 08:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TOMI3
    2012-05-05 08:53 - 2012-05-05 08:53 - 00001461 ____A C:\Users\Owner\Desktop\The Treasures of Mystery Island The Ghost Ship.lnk
    2012-05-05 08:49 - 2012-05-05 08:47 - 00001391 ____A C:\Users\Owner\Desktop\The Treasures Of Mystery Island.lnk
    2012-05-05 08:48 - 2012-05-05 08:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SecretIslandUSA
    2012-05-05 08:47 - 2012-05-05 08:47 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
    2012-05-05 08:47 - 2012-05-05 08:47 - 00000000 ____D C:\Users\All Users\AlawarWrapper
    2012-05-05 08:42 - 2012-05-05 08:42 - 00002158 ____A C:\Users\Public\Desktop\Puzzle Odyssey.lnk
    2012-05-05 08:42 - 2012-05-05 08:42 - 00001190 ____A C:\Users\Owner\Desktop\Break For Games.lnk
    2012-05-05 08:41 - 2012-05-05 08:41 - 00000000 ____D C:\Program Files (x86)\Break For Games
    2012-05-05 08:37 - 2012-05-05 08:37 - 00001260 ____A C:\Users\Public\Desktop\Peggle Nights.lnk
    2012-05-05 08:37 - 2011-03-26 18:43 - 00000203 ____A C:\Users\Public\Desktop\Play More Great Games!.url
    2012-05-05 08:37 - 2011-03-26 18:43 - 00000000 ____D C:\Users\All Users\PopCap Games
    2012-05-05 08:37 - 2011-03-26 18:43 - 00000000 ____D C:\Program Files (x86)\PopCap Games
    2012-05-04 06:03 - 2012-06-13 17:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 06:03 - 2012-06-13 17:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-05-04 06:03 - 2012-06-13 17:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 06:03 - 2012-06-13 17:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-02 17:13 - 2012-05-02 17:13 - 00039892 ____A C:\Users\Owner\AppData\Roaming\KeyBlaze.dmp
    2012-05-01 22:59 - 2012-05-01 20:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TypingMaster7
    2012-05-01 20:00 - 2012-05-01 20:00 - 09172808 ____A (TypingMaster Inc ) C:\Users\Owner\Downloads\TypingMaster2010.exe
    2012-05-01 20:00 - 2012-05-01 20:00 - 00001099 ____A C:\Users\Public\Desktop\TypingMaster Pro.lnk
    2012-05-01 20:00 - 2012-05-01 20:00 - 00000000 ___RD C:\Program Files (x86)\TypingMaster
    2012-05-01 20:00 - 2012-05-01 20:00 - 00000000 ____D C:\Users\Owner\AppData\Local\searchcom_002
    2012-05-01 20:00 - 2012-05-01 20:00 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-05-01 20:00 - 2012-05-01 20:00 - 00000000 ____D C:\Program Files (x86)\searchcom_002
    2012-05-01 19:36 - 2012-05-01 19:36 - 00001020 ____A C:\Users\Public\Desktop\Stamina.lnk
    2012-05-01 19:36 - 2012-05-01 19:36 - 00000000 ____D C:\Program Files (x86)\Stamina
    2012-05-01 18:17 - 2012-05-01 18:17 - 00001145 ____A C:\Users\Public\Desktop\KeyBlaze Typing Tutor.lnk
    2012-05-01 18:17 - 2012-05-01 18:17 - 00000000 ____D C:\Users\All Users\NCH Software
    2012-05-01 18:15 - 2012-05-01 18:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NCH Software
    2012-05-01 18:15 - 2012-05-01 18:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2012-04-28 22:29 - 2012-04-28 13:48 - 00000000 ____D C:\Users\Owner\Downloads\Underworld Awakening 2012 BRRiP XViD AbSurdiTy
    2012-04-28 20:03 - 2012-04-28 19:27 - 00000000 ____D C:\Users\Owner\Downloads\Source Code (2011) DVDRip XviD-MAXSPEED
    2012-04-28 15:54 - 2012-04-28 14:20 - 00000000 ____D C:\Users\Owner\Downloads\Super 8 2011 DvdRip XviD Xult
    2012-04-28 15:49 - 2012-04-28 15:00 - 00000000 ____D C:\Users\Owner\Downloads\Super.Troopers.2001.iNTERNAL.DVDRip.XviD-EPiC.[UsaBit.com]
    2012-04-28 13:36 - 2012-04-28 13:34 - 00000000 ____D C:\Users\Owner\Downloads\Our.*****.Brother.BDRip.XviD-DiAMOND
    2012-04-24 00:36 - 2012-06-13 17:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 00:36 - 2012-06-13 17:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 00:36 - 2012-06-13 17:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 00:36 - 2012-06-13 17:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 00:36 - 2012-06-13 17:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-24 00:36 - 2012-06-13 17:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 21:04 - 2012-04-23 21:04 - 00000017 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg
    2012-04-16 21:31 - 2011-03-10 21:06 - 00000000 ____D C:\Users\Owner\Documents\TurboTax
    2012-04-16 21:15 - 2012-04-16 07:57 - 00000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
    2012-04-16 07:57 - 2012-04-16 07:57 - 00002531 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
    2012-04-16 07:55 - 2011-03-10 20:52 - 00000000 ____D C:\Program Files (x86)\TurboTax
    2012-04-07 07:26 - 2012-06-13 17:51 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-07 07:26 - 2012-06-13 17:51 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-01 22:01 - 2012-04-01 14:39 - 00000000 ____D C:\Remote Programs
    2012-04-01 14:49 - 2012-04-01 14:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ancient Quest of Saqqarah_alawar
    2012-04-01 14:40 - 2012-04-01 14:39 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
    2012-04-01 14:39 - 2012-04-01 14:39 - 00002081 ____A C:\Users\Public\Desktop\Play Free Games.lnk
    2012-04-01 14:39 - 2012-04-01 14:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk
    2012-04-01 14:39 - 2012-04-01 14:39 - 00000064 ____A C:\Windows\GPlrLanc.dat
    2012-04-01 14:39 - 2012-04-01 14:39 - 00000000 ____D C:\Users\All Users\Free Ride Games
    2012-04-01 14:39 - 2010-08-30 00:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-04-01 14:39 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-04-01 14:38 - 2012-04-01 14:38 - 00000000 ____D C:\Program Files (x86)\Playfin_1t
    2012-04-01 14:38 - 2012-04-01 14:38 - 00000000 ____D C:\Program Files (x86)\Brand Affinity Technologies
    2012-04-01 14:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
    2012-03-21 16:12 - 2012-04-01 14:39 - 00053314 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
    ZeroAccess:
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\@
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\L
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U
    ZeroAccess:
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\@
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\L
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U
    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe
    [2011-04-27 18:38] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll
    [2011-03-09 20:17] - [2010-11-20 05:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
    ========================= Memory info ======================
    Percentage of memory in use: 43%
    Total physical RAM: 3890.67 MB
    Available physical RAM: 2182.69 MB
    Total Pagefile: 7779.54 MB
    Available Pagefile: 5906.68 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3961.09 MB
    ======================= Partitions =========================
    1 Drive c: (TI106042W0A) (Fixed) (Total:452.7 GB) (Free:366.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Jun 17 2012) (CDROM) (Total:0.69 GB) (Free:0.66 GB) UDF
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 452 GB 1501 MB
    Partition 3 Primary 11 GB 454 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 System NTFS Partition 1500 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C TI106042W0A NTFS Partition 452 GB Healthy Boot
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    ======================= End Of Log ==========================

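The log above is read by hand for a few things: the tool's own warning that it was not run from the Recovery Environment (which is why the helper asks for a rerun before trusting anything else), the folders it labels "ZeroAccess:" with their "@", "L" and "U" entries, the "IS MISSING" and "MD5 is legit" lines of the Bamital & volsnap check, and the partition flagged "Suspicious Type". The following script automates exactly that reading. It is an added example, not part of the thread and not FRST's own code; SAMPLE_LOG is constructed here from the shape of the log posted above, and the field names in the findings dictionary are this example's own.

```python
"""Triage an FRST log for the indicators the helper in this thread reads by hand.

Added example: not part of the original thread and not FRST's own code.
SAMPLE_LOG is constructed from the shape of the log posted above.
"""
import re

SAMPLE_LOG = """\
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012
Attention: Could not load system hive.The operation completed successfully.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
ZeroAccess:
C:\\Windows\\Installer\\{b0ce6852-8ac3-5f02-1184-9d525505464e}
C:\\Windows\\Installer\\{b0ce6852-8ac3-5f02-1184-9d525505464e}\\@
C:\\Windows\\Installer\\{b0ce6852-8ac3-5f02-1184-9d525505464e}\\L
C:\\Windows\\Installer\\{b0ce6852-8ac3-5f02-1184-9d525505464e}\\U
========================= Bamital & volsnap Check ============
C:\\Windows\\System32\\winlogon.exe IS MISSING <==== ATTENTION!.
C:\\Windows\\System32\\wininit.exe => MD5 is legit
C:\\Windows\\System32\\services.exe IS MISSING <==== ATTENTION!.
C:\\Windows\\System32\\Drivers\\volsnap.sys IS MISSING <==== ATTENTION!.
Partition 2
Type : 07
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
"""

# A ZeroAccess folder as the log prints it: a {GUID} directory, optionally
# followed by one of its "@", "L" or "U" entries.
GUID_DIR = re.compile(
    r"^(?P<base>.*\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"
    r"(?:\\(?P<entry>[@LU]))?$",
    re.IGNORECASE,
)
# Only the bare "Partition N" header, not the table rows that also start with it.
PARTITION = re.compile(r"^Partition (\d+)$")


def triage(log_text: str) -> dict:
    """Extract the indicators a reader of the log acts on."""
    findings = {
        "ran_from_re": True,          # False when the tool itself says it was not
        "zeroaccess_dirs": {},        # {guid folder: set of entries seen}
        "missing_or_patched": [],     # files the Bamital & volsnap check flagged
        "legit": [],                  # files whose MD5 the tool accepted
        "suspicious_partitions": [],  # partition numbers with a suspicious type
    }
    in_zeroaccess_block = False
    current_partition = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if "NOT RUN FROM RECOVERY ENVIRONMENT" in line or line.startswith("Attention: Could not load system hive"):
            findings["ran_from_re"] = False
        if line == "ZeroAccess:":
            in_zeroaccess_block = True
            continue
        if in_zeroaccess_block:
            m = GUID_DIR.match(line)
            if m:
                entries = findings["zeroaccess_dirs"].setdefault(m.group("base"), set())
                if m.group("entry"):
                    entries.add(m.group("entry").upper())
                continue
            in_zeroaccess_block = False   # the block ends at the first non-matching line
        if line.endswith("IS MISSING <==== ATTENTION!."):
            findings["missing_or_patched"].append(line.split(" IS MISSING")[0])
        elif line.endswith("=> MD5 is legit"):
            findings["legit"].append(line.split(" => ")[0])
        m = PARTITION.match(line)
        if m:
            current_partition = int(m.group(1))
        elif "Suspicious Type" in line and current_partition is not None:
            findings["suspicious_partitions"].append(current_partition)
    return findings


def verdict(findings: dict) -> str:
    """Summarise in the order a helper acts on it: a log taken outside the
    Recovery Environment is redone before anything in it is trusted."""
    if not findings["ran_from_re"]:
        return "rerun from the Recovery Environment; file checks are unreliable outside it"
    parts = []
    if findings["zeroaccess_dirs"]:
        parts.append(f"{len(findings['zeroaccess_dirs'])} ZeroAccess folder(s)")
    if findings["missing_or_patched"]:
        parts.append(f"{len(findings['missing_or_patched'])} system file(s) missing or not legit")
    if findings["suspicious_partitions"]:
        parts.append(f"suspicious partition(s) {findings['suspicious_partitions']}")
    return "; ".join(parts) or "no indicators found"


if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print(verdict(f))
    for folder, entries in f["zeroaccess_dirs"].items():
        print(folder, sorted(entries))
```

Run it against a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The "IS MISSING" lines are deliberately reported separately from the verdict: when `ran_from_re` is False the tool could not load the system hive, so those results say nothing yet about whether services.exe or volsnap.sys were actually patched, which is exactly why the next post asks for the scan to be redone from the Recovery Environment.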
  3. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    ========================================================

    You did run the tool from within Windows.
    You have to redo.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
    ========================================================

    Next......

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to BartPe and run FRST.
    Type the following in the edit box after "Search:".

    services.exe;volsnap.sys;winlogon.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
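The Search step above asks FRST to list every copy of services.exe, volsnap.sys and winlogon.exe on the offline volume so the helper can compare the copy Windows actually loads from System32 with the backups the component store keeps under winsxs. The script below shows the idea behind that comparison. It is an added example, not part of the thread and not FRST's own code; it assumes the Windows volume is mounted and readable (as it is from the Recovery Environment command prompt or from another machine), and the volume it walks when run stand-alone is constructed in a temporary directory from placeholder bytes, not real binaries, so its hashes mean nothing beyond "same" or "different".

```python
"""Offline search for the system files the "Search:" step is asked to locate.

Added example: not part of the thread and not FRST's own code. It lists every
copy of services.exe, volsnap.sys and winlogon.exe under a mounted Windows
volume with its size and SHA-256, then compares the live copy under System32
against the other copies on the volume (for example in winsxs). The demo
volume is constructed in a temporary directory with placeholder contents.
"""
import hashlib
import os
import tempfile
from pathlib import Path

TARGETS = ("services.exe", "volsnap.sys", "winlogon.exe")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names=TARGETS) -> dict:
    """Return {name: [(path, size, sha256), ...]} for every copy under root."""
    found = {n.lower(): [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            key = f.lower()
            if key in found:
                p = Path(dirpath) / f
                found[key].append((str(p), p.stat().st_size, sha256_of(p)))
    return found


def is_live_copy(path: str) -> bool:
    """The copy Windows loads sits under Windows\\System32 (or System32\\Drivers);
    winsxs holds the component store copies a clean file is restored from."""
    parts = [p.lower() for p in Path(path).parts]
    return "system32" in parts and "winsxs" not in parts


def assess(found: dict) -> dict:
    """Classify each target:
    'missing'    no copy under System32 (the tool's "IS MISSING" case)
    'matches'    the live copy's hash equals another copy on the volume
    'differs'    the live copy's hash equals no other copy: patched, or simply a
                 newer build; check its digital signature before replacing it
    'unverified' only the live copy exists, nothing to compare against
    """
    result = {}
    for name, copies in found.items():
        live = [c for c in copies if is_live_copy(c[0])]
        others = [c for c in copies if not is_live_copy(c[0])]
        if not live:
            result[name] = "missing"
        elif not others:
            result[name] = "unverified"
        elif any(l[2] == o[2] for l in live for o in others):
            result[name] = "matches"
        else:
            result[name] = "differs"
    return result


def build_demo_tree(base) -> Path:
    """Constructed sample volume: winsxs copies plus a System32 set in which
    services.exe differs from its winsxs copy and winlogon.exe is absent."""
    base = Path(base)
    layout = {
        "Windows/System32/services.exe": b"SERVICES-MODIFIED",
        "Windows/winsxs/amd64_services_x/services.exe": b"SERVICES-CLEAN",
        "Windows/System32/Drivers/volsnap.sys": b"VOLSNAP-CLEAN",
        "Windows/winsxs/amd64_volsnap_x/volsnap.sys": b"VOLSNAP-CLEAN",
        "Windows/winsxs/amd64_winlogon_x/winlogon.exe": b"WINLOGON-CLEAN",
    }
    for rel, data in layout.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return assess(find_copies(build_demo_tree(tmp)))


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

Against a real volume, call `assess(find_copies("D:\\"))` with the drive letter the offline Windows installation has in the Recovery Environment. A 'differs' result is a reason to look closer, not a verdict on its own: a file updated by Windows Update will also hash differently from an older winsxs copy, so the signature and version of the live copy decide whether it is replaced, which is why the helper asks to see the Search.txt log rather than acting on the hash alone.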
  4. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Thank you very much for your time and help here are the results...

    Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 01
    Ran by SYSTEM at 17-06-2012 13:44:32
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-04-26] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-04-26] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [413208 2010-04-26] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1519016 2010-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-05-01] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
    HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [193880 2010-11-19] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
    HKLM-x32\...\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
    HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
    HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [2015136 2011-05-27] (Affinegy, Inc.)
    HKLM-x32\...\Run: [Playfin_1t Browser Plugin Loader] C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbrmon.exe [30096 2012-04-01] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [x]
    HKU\Owner\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Owner\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399224 2011-03-10] (BitTorrent, Inc.)
    HKU\Owner\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4862384 2012-03-21] (Exent Technologies Ltd.)
    HKU\Owner\...\Run: [QuickPhrase] "C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe" [638456 2008-11-18] (TypingMaster, Inc)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    ==================== Services (Whitelisted) ======
    2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [562592 2011-05-27] (Affinegy, Inc.)
    2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" -r [348760 2010-10-01] (Kaspersky Lab)
    2 CSObjectsSrv; "C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe" [743992 2009-12-21] (Infowatch)
    2 FTSvc; "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe" [11776 2011-12-11] (Brand Affinity Technologies)
    2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
    2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
    2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
    2 iWinTrusted; C:\Program Files (x86)\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
    2 Playfin_1tService; C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe [42504 2012-04-01] (COMPANYVERS_NAME)
    2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
    2 RemoteAccess; C:\Windows\SysWOW64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)
    2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [911872 2010-06-07] (Intel(R) Corporation)
    2 CouponAlert_2pService; C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [x]
    ========================== Drivers (Whitelisted) =============
    3 acpials; C:\Windows\System32\Drivers\acpials.sys [9728 2009-07-13] (Microsoft Corporation)
    0 CSCrySec; C:\Windows\System32\Drivers\CSCrySec.sys [85048 2009-12-14] (Infowatch)
    1 CSVirtualDiskDrv; C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-03-10] (DT Soft Ltd)
    1 kl1; C:\Windows\System32\Drivers\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
    0 KLBG; C:\Windows\System32\Drivers\KLBG.sys [40464 2009-10-14] (Kaspersky Lab)
    1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [353296 2011-10-07] (Kaspersky Lab)
    1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27152 2009-09-14] (Kaspersky Lab)
    3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
    2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
    2 regi; C:\Windows\SysWow64\Drivers\regi.sys [11032 2007-04-17] (InterVideo)
    0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
    2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-16 20:56 - 2012-06-16 22:47 - 00003530 ____A C:\Windows\PFRO.log
    2012-06-16 20:56 - 2012-06-16 21:47 - 00533594 ____A C:\Windows\ntbtlog.txt
    2012-06-16 20:14 - 2012-06-16 22:44 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-16 20:14 - 2012-06-16 22:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-16 20:14 - 2012-06-16 20:14 - 00743840 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-16 19:51 - 2012-06-16 19:51 - 00000048 ____A C:\Windows\wininit.ini
    2012-06-16 19:51 - 2011-10-05 18:57 - 00161720 ____A C:\Program Files (x86)\2pres.dll
    2012-06-16 14:26 - 2012-06-17 09:32 - 00000672 ____A C:\Windows\setupact.log
    2012-06-16 14:26 - 2012-06-16 14:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-16 10:36 - 2012-03-06 15:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-06-16 08:08 - 2012-06-17 00:48 - 00000000 ____D C:\Program Files\Alwil Software
    2012-06-16 08:08 - 2012-06-16 20:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-16 08:08 - 2012-06-16 08:08 - 00000000 ____D C:\Users\All Users\Alwil Software
    2012-06-16 08:02 - 2012-06-16 08:02 - 00001109 ____A C:\Users\Public\Desktop\CCleaner Professional.lnk
    2012-06-16 08:02 - 2012-06-16 08:02 - 00000000 ____D C:\Program Files (x86)\CCleaner Professional
    2012-06-16 08:00 - 2012-06-16 08:03 - 00000000 ____D C:\Users\Owner\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
    2012-06-16 08:00 - 2012-06-16 08:00 - 00000000 ____D C:\Users\Owner\Downloads\CCleaner Professional+Business[A4]
    2012-06-16 07:57 - 2012-06-16 07:58 - 05597814 ____A C:\Users\Owner\Downloads\CCleaner Professional+Business[A4].rar
    2012-06-14 05:02 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 05:02 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 05:02 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 05:02 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 05:02 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 05:02 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 05:02 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 05:02 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 05:02 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 05:02 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 05:02 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 05:02 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 05:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 05:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 05:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 05:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 05:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 05:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 05:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 05:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 05:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 05:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 05:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 05:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 05:01 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 05:01 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 05:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 05:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 13:53 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 13:53 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 13:53 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 13:52 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 13:52 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 13:52 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 13:52 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 13:51 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 13:51 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 13:51 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 13:51 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 13:50 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 13:50 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 13:50 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 13:50 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 13:50 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 13:50 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 13:28 - 2012-06-14 17:27 - 00011350 ____A C:\Users\Owner\Documents\Media Sales Sheet.xlsx
    2012-06-09 17:43 - 2012-06-09 17:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-05-28 06:40 - 2012-05-28 06:40 - 00001733 ____A C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    2012-05-28 01:54 - 2012-05-28 01:54 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-27 10:14 - 2012-05-27 10:26 - 00000000 ____D C:\Users\Owner\Downloads\Blink-182 - Greatest Hits (2005) 320 vtwin88cube
    2012-05-27 10:12 - 2012-05-27 10:12 - 00000000 ____D C:\Users\Owner\Downloads\Drake Ft. Lil Wayne - The Motto[2011]-LW-{HKRG}
    2012-05-27 10:04 - 2012-05-27 10:13 - 00000000 ____D C:\Users\Owner\Downloads\The.Avengers.2012.TS.XviD.AC3-ADTRG
    2012-05-27 09:09 - 2012-05-27 09:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nero
    2012-05-27 09:09 - 2012-05-27 09:09 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-05-27 09:08 - 2012-05-27 09:09 - 00000000 ____D C:\Users\All Users\Nero
    2012-05-27 09:08 - 2012-05-27 09:09 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-05-27 08:59 - 2012-05-27 08:59 - 00000000 ____D C:\Users\Owner\Downloads\Nero Burning ROM 10.5.10300 +Serial [UT]
    2012-05-27 08:15 - 2012-05-27 10:21 - 00000000 ____D C:\Users\Owner\Downloads\Jack Johnson And Friends - Sing A Longs And Lullabies For The Film Curious George [Acoustic][2006][www.pctrecords.com]
    2012-05-27 08:13 - 2012-05-27 08:32 - 00000000 ____D C:\Users\Owner\Downloads\Sublime - Greatest Hits (1999) vtwin88cube
    2012-05-27 08:04 - 2012-05-27 08:04 - 00002144 ____A C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    2012-05-27 08:04 - 2012-05-27 08:04 - 00000000 ____D C:\Program Files (x86)\Search Toolbar
    2012-05-27 07:55 - 2012-05-27 08:06 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro v6.3.0.0805 + Keys [RH]
    2012-05-27 07:45 - 2012-05-27 10:14 - 00000000 ____D C:\Users\Owner\Downloads\Drake - Take Care (Explicit) 2011
    2012-05-27 07:43 - 2012-05-27 07:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xilisoft
    2012-05-27 07:43 - 2012-05-27 07:43 - 00000000 ____D C:\Users\All Users\Xilisoft
    2012-05-27 07:38 - 2012-05-27 07:55 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro 6.3.0.20120227 Cracked
    2012-05-27 07:23 - 2012-05-27 08:32 - 00000000 ____D C:\Users\Owner\Downloads\System Of A Down - Kill Rock 'N'Roll Greatest Hits (2008) 320 vtwin88cube
    2012-05-27 06:59 - 2012-05-27 07:14 - 00000000 ____D C:\Users\Owner\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-05-27 06:54 - 2012-05-27 07:22 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - Relapse (2009) (320 Kbps)
    2012-05-27 06:52 - 2012-05-27 07:07 - 00000000 ____D C:\Users\Owner\Downloads\Bad Meets Evil (Eminem) - Hell The Sequel CDRip 2011 [Bubanee]
    2012-05-27 06:44 - 2012-05-27 07:22 - 00000000 ____D C:\Users\Owner\Downloads\[2004] Encore CD1
    2012-05-27 06:42 - 2012-05-27 07:07 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Eminem Show
    2012-05-27 06:41 - 2012-05-27 07:00 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Marshall Mathers LP[2000][MP3@320kbps]-FLAWL3SS
    2012-05-27 06:41 - 2012-05-27 06:52 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Slim Shady LP
    2012-05-27 06:40 - 2012-05-27 06:40 - 00000000 ____D C:\Users\Owner\Downloads\[1996] Infinite
    2012-05-21 13:34 - 2012-05-21 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
    2012-05-21 13:31 - 2012-05-21 13:31 - 00000000 ____D C:\Users\Owner\AppData\Local\My Games
    2012-05-21 13:16 - 2012-05-21 13:20 - 00000000 ____D C:\Users\Owner\Desktop\Civilization V
    2012-05-19 14:07 - 2012-05-19 17:02 - 00000000 ____D C:\Users\Owner\Downloads\Sid Meiers Civilization V-SKIDROW
    2012-05-18 18:52 - 2012-05-12 04:06 - 00009485 ____A C:\Users\Owner\Desktop\skidrow.nfo
    2012-05-18 18:01 - 2012-05-21 13:30 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

    ============ 3 Months Modified Files and Folders =============
    2012-06-17 13:44 - 2012-06-16 22:17 - 00000000 ____D C:\FRST
    2012-06-17 13:43 - 2009-07-13 19:18 - 00000000 __SHD C:\$Recycle.Bin
    2012-06-17 09:34 - 2011-03-10 17:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2012-06-17 09:33 - 2011-10-07 19:29 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-06-17 09:32 - 2012-06-16 14:26 - 00000672 ____A C:\Windows\setupact.log
    2012-06-17 09:32 - 2010-11-08 05:40 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
    2012-06-17 09:32 - 2010-11-08 05:15 - 4079665152 __ASH C:\pagefile.sys
    2012-06-17 09:32 - 2010-11-08 05:15 - 3059748864 __ASH C:\hiberfil.sys
    2012-06-17 09:32 - 2010-08-29 20:44 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-17 09:32 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-17 09:32 - 2009-07-13 19:20 - 00000000 ___AD C:\Windows
    2012-06-17 08:41 - 2010-11-08 05:20 - 01270867 ____A C:\Windows\WindowsUpdate.log
    2012-06-17 08:34 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-17 08:34 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-17 08:24 - 2009-07-13 21:13 - 00746862 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-17 08:18 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-17 08:07 - 2010-08-29 20:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-17 00:48 - 2012-06-16 08:08 - 00000000 ____D C:\Program Files\Alwil Software
    2012-06-17 00:48 - 2011-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\SelectRebates
    2012-06-17 00:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-06-16 22:47 - 2012-06-16 20:56 - 00003530 ____A C:\Windows\PFRO.log
    2012-06-16 22:45 - 2010-10-08 14:28 - 00000000 __SHD C:\System Volume Information
    2012-06-16 22:44 - 2012-06-16 20:14 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-16 22:44 - 2012-06-16 20:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-16 22:44 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
    2012-06-16 22:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-16 21:47 - 2012-06-16 20:56 - 00533594 ____A C:\Windows\ntbtlog.txt
    2012-06-16 20:56 - 2011-03-09 12:56 - 00000000 ____D C:\users\Owner
    2012-06-16 20:51 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
    2012-06-16 20:50 - 2012-06-16 08:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-16 20:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
    2012-06-16 20:14 - 2012-06-16 20:14 - 00743840 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-16 20:14 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
    2012-06-16 19:51 - 2012-06-16 19:51 - 00000048 ____A C:\Windows\wininit.ini
    2012-06-16 14:26 - 2012-06-16 14:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-16 08:08 - 2012-06-16 08:08 - 00000000 ____D C:\Users\All Users\Alwil Software
    2012-06-16 08:05 - 2011-03-10 16:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    2012-06-16 08:05 - 2010-08-30 12:44 - 00000000 ____D C:\Windows\Panther
    2012-06-16 08:03 - 2012-06-16 08:00 - 00000000 ____D C:\Users\Owner\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
    2012-06-16 08:02 - 2012-06-16 08:02 - 00001109 ____A C:\Users\Public\Desktop\CCleaner Professional.lnk
    2012-06-16 08:02 - 2012-06-16 08:02 - 00000000 ____D C:\Program Files (x86)\CCleaner Professional
    2012-06-16 08:00 - 2012-06-16 08:00 - 00000000 ____D C:\Users\Owner\Downloads\CCleaner Professional+Business[A4]
    2012-06-16 07:58 - 2012-06-16 07:57 - 05597814 ____A C:\Users\Owner\Downloads\CCleaner Professional+Business[A4].rar
    2012-06-14 19:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-14 17:27 - 2012-06-13 13:28 - 00011350 ____A C:\Users\Owner\Documents\Media Sales Sheet.xlsx
    2012-06-14 05:31 - 2009-07-13 20:45 - 00313848 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 05:30 - 2012-01-12 04:15 - 00000000 __SHD C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    2012-06-14 05:10 - 2011-06-15 07:46 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 18:21 - 2011-03-10 17:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
    2012-06-09 18:21 - 2011-04-27 16:52 - 00000000 ____D C:\Users\Owner\Documents\Church Deposits
    2012-06-09 17:43 - 2012-06-09 17:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-05-28 06:40 - 2012-05-28 06:40 - 00001733 ____A C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    2012-05-28 01:54 - 2012-05-28 01:54 - 00000395 ____A C:\Windows\SysWOW64\mprdin.ocx
    2012-05-27 10:26 - 2012-05-27 10:14 - 00000000 ____D C:\Users\Owner\Downloads\Blink-182 - Greatest Hits (2005) 320 vtwin88cube
    2012-05-27 10:21 - 2012-05-27 08:15 - 00000000 ____D C:\Users\Owner\Downloads\Jack Johnson And Friends - Sing A Longs And Lullabies For The Film Curious George [Acoustic][2006][www.pctrecords.com]
    2012-05-27 10:14 - 2012-05-27 07:45 - 00000000 ____D C:\Users\Owner\Downloads\Drake - Take Care (Explicit) 2011
    2012-05-27 10:13 - 2012-05-27 10:04 - 00000000 ____D C:\Users\Owner\Downloads\The.Avengers.2012.TS.XviD.AC3-ADTRG
    2012-05-27 10:12 - 2012-05-27 10:12 - 00000000 ____D C:\Users\Owner\Downloads\Drake Ft. Lil Wayne - The Motto[2011]-LW-{HKRG}
    2012-05-27 09:17 - 2012-05-27 09:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nero
    2012-05-27 09:09 - 2012-05-27 09:09 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    2012-05-27 09:09 - 2012-05-27 09:08 - 00000000 ____D C:\Users\All Users\Nero
    2012-05-27 09:09 - 2012-05-27 09:08 - 00000000 ____D C:\Program Files (x86)\Nero
    2012-05-27 09:04 - 2011-03-10 16:49 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-05-27 08:59 - 2012-05-27 08:59 - 00000000 ____D C:\Users\Owner\Downloads\Nero Burning ROM 10.5.10300 +Serial [UT]
    2012-05-27 08:32 - 2012-05-27 08:13 - 00000000 ____D C:\Users\Owner\Downloads\Sublime - Greatest Hits (1999) vtwin88cube
    2012-05-27 08:32 - 2012-05-27 07:23 - 00000000 ____D C:\Users\Owner\Downloads\System Of A Down - Kill Rock 'N'Roll Greatest Hits (2008) 320 vtwin88cube
    2012-05-27 08:06 - 2012-05-27 07:55 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro v6.3.0.0805 + Keys [RH]
    2012-05-27 08:04 - 2012-05-27 08:04 - 00002144 ____A C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    2012-05-27 08:04 - 2012-05-27 08:04 - 00000000 ____D C:\Program Files (x86)\Search Toolbar
    2012-05-27 08:03 - 2012-01-15 10:55 - 00000000 ____D C:\Program Files (x86)\Xilisoft
    2012-05-27 07:55 - 2012-05-27 07:38 - 00000000 ____D C:\Users\Owner\Downloads\Xilisoft Audio Converter Pro 6.3.0.20120227 Cracked
    2012-05-27 07:43 - 2012-05-27 07:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Xilisoft
    2012-05-27 07:43 - 2012-05-27 07:43 - 00000000 ____D C:\Users\All Users\Xilisoft
    2012-05-27 07:22 - 2012-05-27 06:54 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - Relapse (2009) (320 Kbps)
    2012-05-27 07:22 - 2012-05-27 06:44 - 00000000 ____D C:\Users\Owner\Downloads\[2004] Encore CD1
    2012-05-27 07:14 - 2012-05-27 06:59 - 00000000 ____D C:\Users\Owner\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-05-27 07:07 - 2012-05-27 06:52 - 00000000 ____D C:\Users\Owner\Downloads\Bad Meets Evil (Eminem) - Hell The Sequel CDRip 2011 [Bubanee]
    2012-05-27 07:07 - 2012-05-27 06:42 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Eminem Show
    2012-05-27 07:00 - 2012-05-27 06:41 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Marshall Mathers LP[2000][MP3@320kbps]-FLAWL3SS
    2012-05-27 06:52 - 2012-05-27 06:41 - 00000000 ____D C:\Users\Owner\Downloads\Eminem - The Slim Shady LP
    2012-05-27 06:40 - 2012-05-27 06:40 - 00000000 ____D C:\Users\Owner\Downloads\[1996] Infinite
    2012-05-21 17:20 - 2012-01-21 10:25 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2012-05-21 13:34 - 2012-05-21 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
    2012-05-21 13:31 - 2012-05-21 13:31 - 00000000 ____D C:\Users\Owner\AppData\Local\My Games
    2012-05-21 13:31 - 2011-06-16 17:29 - 00000000 ____D C:\Users\Owner\Documents\My Games
    2012-05-21 13:30 - 2012-05-18 18:01 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
    2012-05-21 13:20 - 2012-05-21 13:16 - 00000000 ____D C:\Users\Owner\Desktop\Civilization V
    2012-05-19 17:02 - 2012-05-19 14:07 - 00000000 ____D C:\Users\Owner\Downloads\Sid Meiers Civilization V-SKIDROW
    2012-05-17 18:47 - 2012-06-14 05:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 05:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 05:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 05:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 05:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 05:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 05:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 05:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 05:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 05:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 05:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 05:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 05:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 05:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 05:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 05:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 05:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 05:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 05:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 05:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 05:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 05:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 05:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 05:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 05:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 05:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 05:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 13:51 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 23:30 - 2010-08-29 20:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 23:11 - 2011-03-10 17:45 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-12 23:01 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-12 18:47 - 2012-04-01 10:40 - 00002094 ____A C:\Users\Owner\Desktop\Play Ancient Quest Of Saqqarah.lnk
    2012-05-12 04:06 - 2012-05-18 18:52 - 00009485 ____A C:\Users\Owner\Desktop\skidrow.nfo
    2012-05-09 08:23 - 2012-05-09 08:23 - 00000000 ____D C:\Users\All Users\TERMINAL Studio
    2012-05-08 12:05 - 2012-05-08 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TOMI2.THE GATES OF FATE
    2012-05-08 12:03 - 2012-05-08 12:03 - 00001510 ____A C:\Users\Owner\Desktop\The Treasures of Mystery Island The Gates of Fate.lnk
    2012-05-08 12:01 - 2012-05-05 04:46 - 00000000 ____D C:\Program Files (x86)\Viva Media
    2012-05-05 15:43 - 2012-05-05 04:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TOMI3
    2012-05-05 04:53 - 2012-05-05 04:53 - 00001461 ____A C:\Users\Owner\Desktop\The Treasures of Mystery Island The Ghost Ship.lnk
    2012-05-05 04:49 - 2012-05-05 04:47 - 00001391 ____A C:\Users\Owner\Desktop\The Treasures Of Mystery Island.lnk
    2012-05-05 04:48 - 2012-05-05 04:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SecretIslandUSA
    2012-05-05 04:47 - 2012-05-05 04:47 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
    2012-05-05 04:47 - 2012-05-05 04:47 - 00000000 ____D C:\Users\All Users\AlawarWrapper
    2012-05-05 04:42 - 2012-05-05 04:42 - 00002158 ____A C:\Users\Public\Desktop\Puzzle Odyssey.lnk
    2012-05-05 04:42 - 2012-05-05 04:42 - 00001190 ____A C:\Users\Owner\Desktop\Break For Games.lnk
    2012-05-05 04:41 - 2012-05-05 04:41 - 00000000 ____D C:\Program Files (x86)\Break For Games
    2012-05-05 04:37 - 2012-05-05 04:37 - 00001260 ____A C:\Users\Public\Desktop\Peggle Nights.lnk
    2012-05-05 04:37 - 2011-03-26 14:43 - 00000203 ____A C:\Users\Public\Desktop\Play More Great Games!.url
    2012-05-05 04:37 - 2011-03-26 14:43 - 00000000 ____D C:\Users\All Users\PopCap Games
    2012-05-05 04:37 - 2011-03-26 14:43 - 00000000 ____D C:\Program Files (x86)\PopCap Games
    2012-05-04 03:06 - 2012-06-13 13:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 13:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 13:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 13:13 - 2012-05-02 13:13 - 00039892 ____A C:\Users\Owner\AppData\Roaming\KeyBlaze.dmp
    2012-05-01 18:59 - 2012-05-01 16:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TypingMaster7
    2012-05-01 16:00 - 2012-05-01 16:00 - 09172808 ____A (TypingMaster Inc ) C:\Users\Owner\Downloads\TypingMaster2010.exe
    2012-05-01 16:00 - 2012-05-01 16:00 - 00001099 ____A C:\Users\Public\Desktop\TypingMaster Pro.lnk
    2012-05-01 16:00 - 2012-05-01 16:00 - 00000000 ___RD C:\Program Files (x86)\TypingMaster
    2012-05-01 16:00 - 2012-05-01 16:00 - 00000000 ____D C:\Users\Owner\AppData\Local\searchcom_002
    2012-05-01 16:00 - 2012-05-01 16:00 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-05-01 16:00 - 2012-05-01 16:00 - 00000000 ____D C:\Program Files (x86)\searchcom_002
    2012-05-01 15:36 - 2012-05-01 15:36 - 00001020 ____A C:\Users\Public\Desktop\Stamina.lnk
    2012-05-01 15:36 - 2012-05-01 15:36 - 00000000 ____D C:\Program Files (x86)\Stamina
    2012-05-01 14:17 - 2012-05-01 14:17 - 00001145 ____A C:\Users\Public\Desktop\KeyBlaze Typing Tutor.lnk
    2012-05-01 14:17 - 2012-05-01 14:17 - 00000000 ____D C:\Users\All Users\NCH Software
    2012-05-01 14:15 - 2012-05-01 14:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NCH Software
    2012-05-01 14:15 - 2012-05-01 14:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2012-04-30 21:40 - 2012-06-13 13:52 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 18:29 - 2012-04-28 09:48 - 00000000 ____D C:\Users\Owner\Downloads\Underworld Awakening 2012 BRRiP XViD AbSurdiTy
    2012-04-28 16:03 - 2012-04-28 15:27 - 00000000 ____D C:\Users\Owner\Downloads\Source Code (2011) DVDRip XviD-MAXSPEED
    2012-04-28 11:54 - 2012-04-28 10:20 - 00000000 ____D C:\Users\Owner\Downloads\Super 8 2011 DvdRip XviD Xult
    2012-04-28 11:49 - 2012-04-28 11:00 - 00000000 ____D C:\Users\Owner\Downloads\Super.Troopers.2001.iNTERNAL.DVDRip.XviD-EPiC.[UsaBit.com]
    2012-04-28 09:36 - 2012-04-28 09:34 - 00000000 ____D C:\Users\Owner\Downloads\Our.*****.Brother.BDRip.XviD-DiAMOND
    2012-04-27 19:55 - 2012-06-13 13:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-13 13:53 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 13:53 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 13:53 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 13:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 13:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 13:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 13:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 13:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 13:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 17:04 - 2012-04-23 17:04 - 00000017 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg
    2012-04-16 17:31 - 2011-03-10 17:06 - 00000000 ____D C:\Users\Owner\Documents\TurboTax
    2012-04-16 17:15 - 2012-04-16 03:57 - 00000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
    2012-04-16 03:57 - 2012-04-16 03:57 - 00002531 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
    2012-04-16 03:55 - 2011-03-10 16:52 - 00000000 ____D C:\Program Files (x86)\TurboTax
    2012-04-07 04:31 - 2012-06-13 13:51 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 13:51 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-01 18:01 - 2012-04-01 10:39 - 00000000 ____D C:\Remote Programs
    2012-04-01 10:49 - 2012-04-01 10:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ancient Quest of Saqqarah_alawar
    2012-04-01 10:40 - 2012-04-01 10:39 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
    2012-04-01 10:39 - 2012-04-01 10:39 - 00002081 ____A C:\Users\Public\Desktop\Play Free Games.lnk
    2012-04-01 10:39 - 2012-04-01 10:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk
    2012-04-01 10:39 - 2012-04-01 10:39 - 00000064 ____A C:\Windows\GPlrLanc.dat
    2012-04-01 10:39 - 2012-04-01 10:39 - 00000000 ____D C:\Users\All Users\Free Ride Games
    2012-04-01 10:39 - 2010-08-29 20:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-04-01 10:39 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-04-01 10:38 - 2012-04-01 10:38 - 00000000 ____D C:\Program Files (x86)\Playfin_1t
    2012-04-01 10:38 - 2012-04-01 10:38 - 00000000 ____D C:\Program Files (x86)\Brand Affinity Technologies
    2012-04-01 10:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
    2012-03-30 03:35 - 2012-05-12 18:47 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-21 12:12 - 2012-04-01 10:39 - 00053314 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
    ZeroAccess:
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\@
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\L
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\00000001.@
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\80000000.@
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\800000cb.@
    ZeroAccess:
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\@
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\L
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 14%
    Total physical RAM: 3890.67 MB
    Available physical RAM: 3328 MB
    Total Pagefile: 3888.82 MB
    Available Pagefile: 3310.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (TI106042W0A) (Fixed) (Total:452.7 GB) (Free:365.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:7.47 GB) (Free:6.91 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7657 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 452 GB 1501 MB
    Partition 3 Primary 11 GB 454 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI106042W0A NTFS Partition 452 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7655 MB 22 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 7655 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-09 20:58
    ======================= End Of Log ==========================


    Farbar Recovery Scan Tool Version: 17-06-2012 01
    Ran by SYSTEM at 2012-06-17 13:46:11
    Running from F:\
    ================== Search: "services.exe;volsnap.sys;winlogon.exe" ===================
    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2011-03-09 16:17] - [2010-11-20 02:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
    [2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2011-03-09 16:17] - [2010-11-20 02:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010-08-29 20:17] - [2009-10-27 23:01] - 0389632 ____A (Microsoft Corporation) A93D41A4D4B0D91C072D11DD8AF266DE
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
    [2010-08-29 20:17] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009-07-13 15:52] - [2009-07-13 17:39] - 0389120 ____A (Microsoft Corporation) 132328DF455B0028F13BF0ABEE51A63A
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    C:\Windows\System32\winlogon.exe
    [2011-03-09 16:17] - [2010-11-20 02:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
    C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2011-03-09 16:17] - [2010-11-20 02:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    C:\Windows\System32\drivers\volsnap.sys
    [2011-03-09 16:17] - [2010-11-20 02:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    ====== End Of Search ======
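The search above is the evidence behind the "ZeroAccess" flag on services.exe: the System32 copy has exactly the same size (328704 bytes) and the same created/modified stamps as the component-store copy of build 6.1.7600.16385, yet a different MD5. The Python script below is an added example, not part of this thread or of FRST; it parses that search output (copied from the log above, abridged) and reports any live binary whose hash does not match a WinSxS or DriverStore copy of identical size, while also recording whether size and timestamps agree, which is the point: size and dates are not an integrity check. The FRST_SEARCH text is the page's own data; the regexes and the reference-path markers are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the FRST "Search:" block posted above, abridged but
# otherwise verbatim (paths, sizes and MD5s are the page's own values).
FRST_SEARCH = r"""
================== Search: "services.exe;volsnap.sys;winlogon.exe" ===================
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2011-03-09 16:17] - [2010-11-20 02:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
[2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011-03-09 16:17] - [2010-11-20 02:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\winlogon.exe
[2011-03-09 16:17] - [2010-11-20 02:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\drivers\volsnap.sys
[2011-03-09 16:17] - [2010-11-20 02:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FRST prints: [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumption: copies under these trees are the trusted, servicing-stack-owned references.
REFERENCE_MARKERS = ("\\winsxs\\", "\\driverstore\\")


def parse_search(text):
    """Pair each path line with the metadata line FRST prints directly under it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append({
                "path": pending,
                "name": pending.rsplit("\\", 1)[-1].lower(),
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
                "is_reference": any(k in pending.lower() for k in REFERENCE_MARKERS),
            })
            pending = None
    return entries


def audit(text):
    """For every live (non-reference) copy, compare its MD5 to same-size reference copies."""
    by_name = defaultdict(list)
    for e in parse_search(text):
        by_name[e["name"]].append(e)
    results = {}
    for group in by_name.values():
        refs = [e for e in group if e["is_reference"]]
        for live in (e for e in group if not e["is_reference"]):
            same_size = [r for r in refs if r["size"] == live["size"]]
            same_stamp = [r for r in same_size
                          if (r["created"], r["modified"]) == (live["created"], live["modified"])]
            if not refs:
                verdict = "NO-REFERENCE"
            elif live["md5"] in {r["md5"] for r in same_size}:
                verdict = "OK"
            else:
                verdict = "MISMATCH"   # same name, same size, different bytes
            results[live["path"]] = {
                "verdict": verdict,
                "size_matches_reference": bool(same_size),
                "timestamps_match_reference": bool(same_stamp),
                "expected_md5": sorted({r["md5"] for r in same_size}),
            }
    return results


if __name__ == "__main__":
    for path, r in audit(FRST_SEARCH).items():
        print(f"{r['verdict']:12} {path}  size/stamps agree with reference: "
              f"{r['size_matches_reference']}/{r['timestamps_match_reference']}")
```

Running it prints MISMATCH only for C:\Windows\System32\services.exe, with both size and timestamps agreeing with the WinSxS copy, which is exactly why the fix that follows restores that WinSxS copy rather than trusting anything about the file already in System32.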
  5. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


  6. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 01
    Ran by SYSTEM at 2012-06-17 14:12:59 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{b0ce6852-8ac3-5f02-1184-9d525505464e} moved successfully.
    C:\Users\Owner\AppData\Local\{b0ce6852-8ac3-5f02-1184-9d525505464e} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
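The fixlog records the three things this ZeroAccess variant had changed: the Session Manager\SubSystems\Windows value (on the 64-bit variant it points csrss at consrv.dll instead of winsrv), the {GUID} directories in C:\Windows\Installer and in the user's Local AppData holding the "@", "L" and "U" entries, and services.exe itself. The script below is an added example, not part of this thread or of FRST, that checks the first two indicators: it walks a constructed directory tree for that folder layout and parses a constructed copy of the SubSystems value for ServerDll modules outside an allow-list. The default value string and the basesrv/winsrv allow-list are what a stock Windows 7 install carries and are assumptions to adjust for other builds; a legitimate {GUID} folder in Windows\Installer (an MSI cache holding icons) is included to show it is not flagged.

```python
import os
import re
import tempfile

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Assumption: the ServerDll modules csrss loads on Windows 7. Adjust per OS build.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv"}

# Constructed sample: the stock Windows 7 SubSystems\Windows value, and the same
# value with the console ServerDll redirected to consrv, as the fixlog above implies.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
)
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def unexpected_server_dlls(windows_value):
    """Parse every 'ServerDll=module[:entry],id' token; return modules not in the allow-list."""
    modules = re.findall(r"ServerDll=([^:,\s]+)", windows_value)
    return sorted({m.lower() for m in modules} - EXPECTED_SERVER_DLLS)


def find_zeroaccess_dirs(root):
    """Return {GUID}-named directories that hold the '@' marker file plus a 'U' or 'L' entry."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not GUID_DIR.match(os.path.basename(dirpath)):
            continue
        if "@" in filenames and ({"U", "L"} & set(dirnames)):
            hits.append(dirpath)
    return sorted(hits)


def build_sample_tree():
    """Constructed sample tree: the infected layout from the fixlog plus one benign MSI cache dir."""
    root = tempfile.mkdtemp(prefix="za_demo_")
    guid = "{b0ce6852-8ac3-5f02-1184-9d525505464e}"   # the GUID from the log above
    bad = os.path.join(root, "Windows", "Installer", guid)
    os.makedirs(os.path.join(bad, "U"))
    os.makedirs(os.path.join(bad, "L"))
    open(os.path.join(bad, "@"), "wb").close()
    open(os.path.join(bad, "U", "00000001.@"), "wb").close()
    # Benign: Windows Installer caches icons under {ProductCode} folders with no '@'/'U'/'L'.
    benign = os.path.join(root, "Windows", "Installer", "{11111111-2222-3333-4444-555555555555}")
    os.makedirs(benign)
    open(os.path.join(benign, "setup.ico"), "wb").close()
    return root, bad


if __name__ == "__main__":
    root, _ = build_sample_tree()
    print("ZeroAccess-style dirs:", find_zeroaccess_dirs(root))
    print("clean value, unexpected ServerDlls:", unexpected_server_dlls(CLEAN_VALUE))
    print("hijacked value, unexpected ServerDlls:", unexpected_server_dlls(HIJACKED_VALUE))
```

On a real machine the value comes from HKLM\System\ControlSet00N\Control\Session Manager\SubSystems\Windows for each control set (the fixlog shows ControlSet002 was the one repaired), and the directory walk runs over C:\Windows\Installer and every user's AppData\Local; the "@" file will be system+hidden, so a plain directory listing hides it.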
  7. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Try to boot normally.

    If successful.....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    I am running Kaspersky PURE... I have right-clicked on Kaspersky and disabled protection, but ComboFix is still detecting Kaspersky as being active.
  9. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    If you disabled Kaspersky disregard Combofix warnings.
  10. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    OK, thanks. Here are the results.

    ComboFix 12-06-16.02 - Owner 06/17/2012 15:42:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2444 [GMT -4:00]
    Running from: F:\ComboFix.exe
    AV: Kaspersky PURE *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Brand Affinity Technologies
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_tri20111005.crx
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_tri20111005.xpi
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
    c:\program files (x86)\CouponAlert_2pEI
    c:\program files (x86)\iWin Games\iWINgameshookie.dll
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\program files (x86)\SelectRebates
    c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
    c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
    c:\program files (x86)\SelectRebates\SahImages\alert.png
    c:\program files (x86)\SelectRebates\SahImages\check.png
    c:\program files (x86)\SelectRebates\SahImages\close.png
    c:\program files (x86)\SelectRebates\SelectAlerts.dat
    c:\program files (x86)\SelectRebates\SelectRebates.exe
    c:\program files (x86)\SelectRebates\SelectRebates.ini
    c:\program files (x86)\SelectRebates\SelectRebatesA.dat
    c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
    c:\program files (x86)\SelectRebates\SelectRebatesB.dat
    c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
    c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
    c:\program files (x86)\SelectRebates\SelectRebatesH.dat
    c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    c:\program files (x86)\SelectRebates\SRebates.dll
    c:\program files (x86)\SelectRebates\SRFF3.dll
    c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files (x86)\SelectRebates\Toolbar\basis.xml
    c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
    c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ImageCache\alert-red.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\users\Owner\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\users\Owner\videos\install.exe
    c:\windows\system32\drivers\etc\lmhosts
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_CouponAlert_2pService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-17 19:54 . 2012-06-17 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-17 06:17 . 2012-06-17 21:45 -------- d-----w- C:\FRST
    2012-06-17 04:14 . 2012-06-17 06:44 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-17 03:51 . 2011-10-06 02:57 161720 ----a-w- c:\program files (x86)\2pres.dll
    2012-06-16 18:36 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-16 16:08 . 2012-06-17 08:48 -------- d-----w- c:\program files\Alwil Software
    2012-06-16 16:08 . 2012-06-16 16:08 -------- d-----w- c:\programdata\Alwil Software
    2012-06-16 16:02 . 2012-06-16 16:02 -------- d-----w- c:\program files (x86)\CCleaner Professional
    2012-06-14 13:01 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-06-14 13:01 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-14 13:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
    2012-06-13 21:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 21:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 21:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 21:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 21:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 21:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 21:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 21:51 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 21:51 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 21:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 21:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 21:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 21:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 21:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 21:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 21:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 21:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-10 01:43 . 2012-06-10 01:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-10 01:29 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{770FF62C-CD89-45A6-946B-7F1C6739A3B1}\mpengine.dll
    2012-05-27 17:09 . 2012-05-27 17:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Nero
    2012-05-27 17:08 . 2012-05-27 17:08 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2012-05-27 17:08 . 2012-05-27 17:09 -------- d-----w- c:\program files (x86)\Nero
    2012-05-27 17:08 . 2012-05-27 17:09 -------- d-----w- c:\programdata\Nero
    2012-05-27 15:43 . 2012-05-27 15:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Xilisoft
    2012-05-27 15:43 . 2012-05-27 15:43 -------- d-----w- c:\programdata\Xilisoft
    2012-05-21 21:34 . 2012-05-21 21:34 -------- d-----w- c:\users\Owner\AppData\Local\SKIDROW
    2012-05-21 21:31 . 2012-05-21 21:31 -------- d-----w- c:\users\Owner\AppData\Local\My Games
    2012-05-19 02:01 . 2012-05-21 21:30 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-30 11:35 . 2012-05-13 02:47 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-21 20:12 . 2012-04-01 18:39 53314 ------w- c:\windows\ExentInfo.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{ee9aab28-7d67-44a3-aefc-c66aef34af76}"= "c:\program files (x86)\Playfin_1t\bar\1.bin\1tSrcAs.dll" [2012-04-01 62864]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ee9aab28-7d67-44a3-aefc-c66aef34af76}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0a80cff8-ccdb-4ef9-96c3-41cdde184adb}]
    2012-03-01 20:57 85288 ----a-w- c:\program files (x86)\searchcom_002\searchcom_002X.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{0a80cff8-ccdb-4ef9-96c3-41cdde184adb}"= "c:\program files (x86)\searchcom_002\searchcom_002X.dll" [2012-03-01 85288]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{0a80cff8-ccdb-4ef9-96c3-41cdde184adb}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-11 399224]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
    "QuickPhrase"="c:\program files (x86)\TypingMaster\QuickPhrase\quickphrase.exe" [2008-11-18 638456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "Playfin_1t Browser Plugin Loader"="c:\progra~2\PLAYFI~1\bar\1.bin\1tbrmon.exe" [2012-04-01 30096]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 FTSvc;Fantapper Player Update Service;c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
    R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-08-30 332272]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 Playfin_1tService;PlayfinService;c:\progra~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe [2012-04-01 42504]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
    S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
    .
    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-08-30 04:44 750064 ----a-w- c:\programdata\Partner\Partner64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "combofix"="c:\combofix\CF11837.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-17 16:06:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-17 20:06
    .
    Pre-Run: 392,277,155,840 bytes free
    Post-Run: 391,756,566,528 bytes free
    .
    - - End Of File - - 358FFD888DB3C4E635642BCFBB8F16D7
  11. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    So far so good...
    Here's the first one...

    OTL logfile created on: 6/17/2012 5:00:57 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = F:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 60.95% Memory free
    7.60 Gb Paging File | 5.90 Gb Available in Paging File | 77.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.70 Gb Total Space | 364.90 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
    Drive F: | 7.47 Gb Total Space | 6.90 Gb Free Space | 92.25% Space Free | Partition Type: FAT32

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/17 16:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    PRC - [2012/04/01 14:38:27 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tbarsvc.exe
    PRC - [2012/04/01 14:38:27 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tbrmon.exe
    PRC - [2012/03/21 19:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/05/27 16:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    PRC - [2011/05/27 16:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    PRC - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    PRC - [2011/03/10 21:19:41 | 000,399,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/05/01 20:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    PRC - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010/03/03 18:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 18:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/25 19:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2008/11/18 11:26:26 | 000,638,456 | ---- | M] (TypingMaster, Inc) -- C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe
    PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/27 16:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
    MOD - [2011/05/27 16:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
    MOD - [2010/08/22 22:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
    MOD - [2010/08/22 22:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
    MOD - [2010/08/22 22:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
    MOD - [2010/08/22 22:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
    MOD - [2010/08/22 21:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2007/05/23 15:51:54 | 000,027,928 | ---- | M] () -- C:\Program Files (x86)\TypingMaster\QuickPhrase\PhraseDll.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/07/28 14:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/07/22 20:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/06/29 15:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/06/07 19:39:40 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/06/07 19:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/10/21 13:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/04/01 14:38:27 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tbarsvc.exe -- (Playfin_1tService)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/08/30 00:44:34 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/03/03 18:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/03 18:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/06 13:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/07 23:29:18 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 20:50:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/28 15:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/06/18 14:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/18 20:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/05/16 21:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel(R) Centrino(R)
    DRV:64bit: - [2010/05/16 21:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2010/05/16 21:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2010/05/08 22:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2010/05/03 18:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/21 15:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/01/20 14:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
    DRV:64bit: - [2010/01/15 16:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
    DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/07/31 01:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F0488A0A-2D84-4715-9C2A-5098E7456FCC}
    IE:64bit: - HKLM\..\SearchScopes\{F0488A0A-2D84-4715-9C2A-5098E7456FCC}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {1DB6C61A-6AD0-49A6-AC27-9FBC65A54B5C}
    IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/myweb...&n=77def56a&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{1DB6C61A-6AD0-49A6-AC27-9FBC65A54B5C}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\URLSearchHook: {ee9aab28-7d67-44a3-aefc-c66aef34af76} - No CLSID value found
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/myweb...&n=77def56a&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?sourc...120502408B48A3B09CBD3AED3DB5E7&q={searchTerms}
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{A12B05D9-DF22-4E79-93FC-EAE22E2DE1CB}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...id=30233&camp_id=3495&tb_version=1.1.3000.4(B)
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Playfin_1t.com/Plugin: C:\Program Files (x86)\Playfin_1t\bar\1.bin\NP1tStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1tffxtbr@Playfin_1t.com: C:\Program Files (x86)\Playfin_1t\bar\1.bin [2012/04/01 14:38:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2012/06/17 16:16:40 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Search (Enabled)
    CHR - default_search_provider: search_url = https://search.blekko.com/ws/?sourc...120502408B48A3B09CBD3AED3DB5E7&q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Error reading preferences file
    CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/17 15:56:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (Search.com Bar) - {0a80cff8-ccdb-4ef9-96c3-41cdde184adb} - C:\Program Files (x86)\searchcom_002\searchcom_002X.dll ()
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Search.com Bar) - {0a80cff8-ccdb-4ef9-96c3-41cdde184adb} - C:\Program Files (x86)\searchcom_002\searchcom_002X.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [Playfin_1t Browser Plugin Loader] C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tbrmon.exe (VER_COMPANY_NAME)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000..\Run: [QuickPhrase] C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe (TypingMaster, Inc)
    O4 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C04D11F-9BE2-494E-89D7-01CB81CAF193}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAD42540-46D2-4629-A599-783FF56AA43C}: DhcpNameServer = 8.8.8.8 4.2.2.2
    O18:64bit: - Protocol\Handler\gcf - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/17 16:19:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/06/17 16:16:21 | 000,085,048 | ---- | C] (Infowatch) -- C:\windows\SysNative\drivers\CSCrySec.sys
    [2012/06/17 16:16:21 | 000,066,104 | ---- | C] (Infowatch) -- C:\windows\SysNative\drivers\CSVirtualDiskDrv.sys
    [2012/06/17 16:06:38 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/06/17 15:56:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/06/17 15:41:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/06/17 15:41:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/06/17 15:41:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/06/17 14:52:43 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\Passwords Database
    [2012/06/17 14:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/17 14:27:37 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/06/17 02:17:06 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/17 00:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/16 14:36:45 | 000,258,520 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2012/06/16 12:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2012/06/16 12:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2012/06/16 12:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Professional
    [2012/06/16 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner Professional
    [2012/06/09 21:43:20 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
    [2012/05/27 13:09:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nero
    [2012/05/27 13:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2012/05/27 13:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2012/05/27 13:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2012/05/27 13:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2012/05/27 11:43:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xilisoft
    [2012/05/27 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
    [2012/05/21 17:34:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SKIDROW
    [2012/05/21 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\My Games
    [2012/05/21 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Civilization V
    [2012/05/18 22:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/17 16:25:28 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/17 16:25:28 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/17 16:18:07 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/17 16:17:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/06/17 16:17:47 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/17 16:07:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/17 15:56:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/06/17 14:29:14 | 000,746,862 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/06/17 14:29:14 | 000,639,172 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/06/17 14:29:14 | 000,112,188 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/06/17 02:44:06 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/06/17 00:50:32 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
    [2012/06/17 00:14:16 | 000,743,840 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/06/16 23:51:06 | 000,000,048 | ---- | M] () -- C:\windows\wininit.ini
    [2012/06/16 12:02:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner Professional.lnk
    [2012/06/14 09:31:34 | 000,313,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/05/28 10:40:13 | 000,001,733 | ---- | M] () -- C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    [2012/05/28 05:54:35 | 000,000,395 | ---- | M] () -- C:\windows\SysWow64\mprdin.ocx
    [2012/05/27 13:09:00 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2012/05/27 12:04:38 | 000,002,168 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Converter Pro.lnk
    [2012/05/27 12:04:38 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/17 15:41:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/06/17 15:41:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/06/17 15:41:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/06/17 15:41:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/06/17 15:41:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/06/17 00:14:33 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2012/06/17 00:14:16 | 000,743,840 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/06/16 23:51:06 | 000,161,720 | ---- | C] () -- C:\Program Files (x86)\2pres.dll
    [2012/06/16 23:51:06 | 000,000,048 | ---- | C] () -- C:\windows\wininit.ini
    [2012/06/16 12:08:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
    [2012/06/16 12:02:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner Professional.lnk
    [2012/05/28 10:40:13 | 000,001,733 | ---- | C] () -- C:\Users\Owner\Desktop\CivilizationV_DX11 - Shortcut.lnk
    [2012/05/28 05:54:35 | 000,000,395 | ---- | C] () -- C:\windows\SysWow64\mprdin.ocx
    [2012/05/27 13:09:00 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2012/05/27 12:04:38 | 000,002,168 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Converter Pro.lnk
    [2012/05/27 12:04:38 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Audio Converter Pro.lnk
    [2012/05/18 22:52:32 | 000,009,485 | ---- | C] () -- C:\Users\Owner\Desktop\skidrow.nfo
    [2012/05/02 17:13:06 | 000,039,892 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\KeyBlaze.dmp
    [2012/04/23 21:04:58 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/04/16 07:57:16 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/04/01 14:39:55 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
  13. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    ========== LOP Check ==========

    [2011/05/11 23:22:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders
    [2012/04/01 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ancient Quest of Saqqarah_alawar
    [2012/06/16 12:05:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    [2011/06/16 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\My Games
    [2011/09/19 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pi Eye Games
    [2011/09/27 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PopCapv1002
    [2011/09/28 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PopCapv1006
    [2012/05/05 08:48:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecretIslandUSA
    [2011/09/21 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sudden Games
    [2012/05/08 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TOMI2.THE GATES OF FATE
    [2012/05/05 19:43:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TOMI3
    [2011/05/15 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
    [2012/05/01 22:59:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TypingMaster7
    [2012/06/17 17:06:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2011/03/09 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
    [2012/05/27 11:43:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft
    [2012/06/17 15:38:22 | 000,032,648 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/08/30 16:44:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/06/17 16:06:32 | 000,025,334 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/03 16:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
    [2012/06/17 16:17:47 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/17 16:17:49 | 4079,665,152 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 03:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/10/05 22:57:18 | 000,161,720 | ---- | M] () -- C:\Program Files (x86)\2pres.dll
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/15 22:46:57 | 000,000,314 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/17 16:18:07 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/17 17:07:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/17 16:18:01 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2012/06/17 15:38:22 | 000,032,648 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/20 08:20:11 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
    [2012/05/01 18:17:18 | 000,000,288 | ---- | M] () -- C:\Users\Owner\Favorites\NCH Software Download Site.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/09/05 19:06:23 | 000,003,904 | ---- | M] () -- C:\ProgramData\doicrane_save.log
    [2012/04/16 21:15:43 | 000,000,469 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:82111599
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:46912591
    < End of report >
  14. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    And the second one...

    OTL Extras logfile created on: 6/17/2012 5:00:57 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = F:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 60.95% Memory free
    7.60 Gb Paging File | 5.90 Gb Available in Paging File | 77.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.70 Gb Total Space | 364.90 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
    Drive F: | 7.47 Gb Total Space | 6.90 Gb Free Space | 92.25% Space Free | Partition Type: FAT32

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4F4709E9-9299-4BF3-BAEC-8A8B4CE6A5A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F1FD2AB1-AF4C-445E-9E6E-6462A1C380BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{62C4AD24-259D-4ADA-9E9A-81E3B06D149D}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "TCP Query User{F64D05ED-677D-4EDB-BE13-A2C4341BFD82}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{43805193-FDE1-4320-96F2-1180EADB6D68}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{EE5F7096-A0E4-4EA7-9B85-1814FD47D011}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0BCB9F67-6225-4844-AD5F-E2DE86934464}" = LeapFrog Leapster Explorer Plugin
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B0DA03A-8334-4127-B788-CC44F2F462DB}" = Jewel Quest
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9B7BB2DA-EF1A-45EF-9101-093C06C6AB2D}" = e-Sword
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A7E279B1-BEC4-4C2C-A5C4-6EB7982FF0B5}" = Jewel Quest 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B217B8BC-8543-46DB-B049-89660B8BFADD}_is1" = CCleaner Professional
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
    "{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}" = Fantapper Player
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F9F6CF4F-4CA5-498C-AE20-99A0C2B60918}" = Jewel Quest - Sleepless Star
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7 Wonders" = 7 Wonders
    "7 Wonders II" = 7 Wonders II
    "7 Wonders Treasures of Seven" = 7 Wonders Treasures of Seven
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazing Adventures Around the World" = Amazing Adventures Around the World
    "Amazing Adventures The Caribbean Secret" = Amazing Adventures The Caribbean Secret
    "Amazing Adventures The Lost Tomb" = Amazing Adventures The Lost Tomb
    "AVI to DVD Converter" = AVI to DVD Converter
    "Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "exent_466550" = The Treasures of Montezuma
    "exent_651950" = Ancient Quest Of Saqqarah
    "exent_706250" = Roads of Rome
    "exent_708650" = Unlikely Suspects
    "Galaxy Quest" = Galaxy Quest (remove only)
    "Google Chrome" = Google Chrome
    "Google Chrome Frame" = Google Chrome Frame
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
    "InterActual Player" = InterActual Player
    "iWinArcade" = iWin Games (remove only)
    "Jewel Quest III" = Jewel Quest III (remove only)
    "Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (remove only)
    "Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
    "KeyBlaze" = KeyBlaze Typing Tutor
    "LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
    "Peggle Nights 1.0" = Peggle Nights 1.0
    "Playfin_1tbar Uninstall" = Playfin
    "Puzzle Odyssey_is1" = Puzzle Odyssey
    "Search Toolbar" = Search Toolbar
    "searchcom_002" = Search.com Bar
    "Stamina" = Stamina 2.5
    "The Treasures Of Mystery Island" = The Treasures Of Mystery Island
    "The Treasures of Mystery Island: The Gates of Fate" = The Treasures of Mystery Island: The Gates of Fate
    "The Treasures of Mystery Island: The Ghost Ship" = The Treasures of Mystery Island: The Ghost Ship
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "UPCShell" = LeapFrog Connect
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WTA-84f86400-8b54-4e50-bb47-5a89048c530c" = Bejeweled 3
    "WTA-b029f44b-7be8-42db-8e60-c7fd05f25bd9" = Collapse Crunch
    "Xilisoft Audio Converter Pro" = Xilisoft Audio Converter Pro

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "48e4cff94f039634" = Best Buy pc app
    "Drop!" = Drop!
    "Twistingo" = Twistingo

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/10/2012 10:48:15 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: 2puabtn.dll, version: 1.0.0.0, time
    stamp: 0x4dc10c30 Exception code: 0xc0000005 Fault offset: 0x00002c2f Faulting process
    id: 0x1974 Faulting application start time: 0x01ccd00b6f8334bc Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll Report Id: b529800c-3bfe-11e1-924a-88ae1dfccccd

    Error - 1/12/2012 8:09:24 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: 2puabtn.dll, version: 1.0.0.0, time
    stamp: 0x4dc10c30 Exception code: 0xc0000005 Fault offset: 0x00002c2f Faulting process
    id: 0x1100 Faulting application start time: 0x01ccd122f1917100 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll Report Id: 43bca2de-3d16-11e1-aa88-88ae1dfccccd

    Error - 1/12/2012 8:10:38 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting
    process id: 0x1224 Faulting application start time: 0x01ccd1230b36d255 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 7033f555-3d16-11e1-aa88-88ae1dfccccd

    Error - 1/12/2012 8:49:18 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 1/15/2012 2:49:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.2.3:5353 4 Owner-PC.local.
    Addr 192.168.2.3

    Error - 1/15/2012 2:49:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Owner-PC.local.
    Addr 192.168.2.2

    Error - 1/15/2012 2:49:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local
    instead

    Error - 1/15/2012 7:34:41 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 1/16/2012 8:28:49 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: 2puabtn.dll, version: 1.0.0.0, time
    stamp: 0x4dc10c30 Exception code: 0xc0000005 Fault offset: 0x00002c2f Faulting process
    id: 0x14c8 Faulting application start time: 0x01ccd4aef894803f Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll Report Id: 38e511ee-40a2-11e1-86ad-88ae1dfccccd

    Error - 1/17/2012 5:35:57 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: avp.exe, version: 9.1.0.124, time stamp:
    0x4ca6198e Faulting module name: bl.ppl, version: 9.1.0.124, time stamp: 0x4ca622dc
    Exception
    code: 0xc0000005 Fault offset: 0x0007e0fb Faulting process id: 0x6dc Faulting application
    start time: 0x01ccd42735eb006e Faulting application path: C:\Program Files (x86)\Kaspersky
    Lab\Kaspersky PURE\avp.exe Faulting module path: C:\Program Files (x86)\Kaspersky
    Lab\Kaspersky PURE\bl.ppl Report Id: 3d720cd0-4153-11e1-86ad-88ae1dfccccd

    Error - 1/17/2012 6:30:01 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 1/21/2012 7:02:02 PM | Computer Name = Owner-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR5.

    Error - 2/4/2012 3:23:14 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:13:40 AM on 2/4/2012 was unexpected.

    Error - 2/4/2012 10:39:58 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:38:12 AM on 2/4/2012 was unexpected.

    Error - 2/27/2012 8:51:49 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:23:09 PM on 2/25/2012 was unexpected.

    Error - 3/13/2012 3:20:08 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:19:09 AM on 3/13/2012 was unexpected.

    Error - 3/27/2012 1:39:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intuit
    Update Service service to connect.

    Error - 3/27/2012 1:39:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description = The Intuit Update Service service failed to start due to the following
    error: %%1053

    Error - 4/12/2012 8:44:41 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:42:56 AM on 4/12/2012 was unexpected.

    Error - 4/30/2012 7:15:17 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:04:41 PM on 4/29/2012 was unexpected.

    Error - 5/10/2012 7:56:47 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:27:30 PM on 5/9/2012 was unexpected.


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/myweb...&n=77def56a&psa=&st=sb&searchfor={searchTerms}
      IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/myweb...&n=77def56a&psa=&st=sb&searchfor={searchTerms}
      IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...id=30233&camp_id=3495&tb_version=1.1.3000.4(B)
      IE - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O15 - HKU\S-1-5-21-4252040873-629529878-3386446165-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:82111599
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:46912591
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
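    The OTL fix above removes three kinds of leftover: hijacked IE search scopes, Browser Helper Objects whose CLSID is no longer registered ("No CLSID value found"), and alternate data streams on C:\ProgramData\TEMP. The script below is an added, read-only audit (it is not from this thread, not part of OTL, and the function names are mine) that lists those same artefacts so a helper can review them before any fix is written. It assumes PowerShell 3.0 or later (needed for Get-Item -Stream and [pscustomobject]) on a 64-bit Windows 7 like the one in this thread; it changes nothing.

```powershell
# Added audit example, not from the thread or from OTL. Read-only: it lists
# search scopes, orphaned BHOs and alternate data streams, nothing is removed.

function Get-IESearchScopes {
    # IE search providers registered machine-wide (HKLM) and for the current user (HKCU).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Hive        = $root.Split(':')[0]
                Scope       = $_.PSChildName
                DisplayName = $p.DisplayName
                URL         = $p.URL          # compare against the providers you expect
            }
        }
    }
}

function Get-OrphanedBHOs {
    # Browser Helper Objects whose CLSID has no class registration; on x64 the
    # 32-bit IE uses the Wow6432Node keys, so both views are checked.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $clsid       = $_.PSChildName
            $classKey    = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
            $wowClassKey = "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid"
            if (-not (Test-Path $classKey) -and -not (Test-Path $wowClassKey)) {
                [pscustomobject]@{ BHO = $clsid; Registered = $false; ListedUnder = $key }
            }
        }
    }
}

function Get-AlternateDataStreams {
    param([string]$Path = 'C:\ProgramData')
    # Every NTFS stream other than the default :$DATA stream on the entries one
    # level below $Path (files and folders alike; the streams in the OTL log sat
    # on the TEMP folder). Run elevated if some subfolders are access-denied.
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Get-IESearchScopes       | Format-Table -AutoSize
Get-OrphanedBHOs         | Format-Table -AutoSize
Get-AlternateDataStreams | Format-Table -AutoSize
```

    Run it from a PowerShell prompt and read the three tables against the OTL script: a search scope whose URL points at a site the user never chose, a BHO with `Registered = False`, or a numeric-named stream under C:\ProgramData are the same findings OTL acted on. Anything that shows up here after the fix has been applied means a component was re-created and the machine needs another look.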
  16. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
    Registry key HKEY_USERS\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}\ not found.
    Registry key HKEY_USERS\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
    HKU\S-1-5-21-4252040873-629529878-3386446165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-4252040873-629529878-3386446165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    ADS C:\ProgramData\TEMP:82111599 deleted successfully.
    ADS C:\ProgramData\TEMP:46912591 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 16835629 bytes
    ->Temporary Internet Files folder emptied: 20548195 bytes
    ->Java cache emptied: 2504138 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1160 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 61182993 bytes
    RecycleBin emptied: 24314 bytes

    Total Files Cleaned = 96.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.49.0 log created on 06172012_175917
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Owner\AppData\Local\Temp\IWCSDrvInstaller.log moved successfully.
    C:\Users\Owner\AppData\Local\Temp\MSI12f3a.LOG moved successfully.
    File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\windows\temp\_asw_aisI.tm~a02736\setup.lok moved successfully.
    Registry entries deleted on Reboot...
  17. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner Professional
    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    Alwil Software Avast5 setup avast.setup
    ``````````End of Log````````````
  18. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 09-06-2012
    Ran by Owner (administrator) on 17-06-2012 at 18:06:26
    Running from "F:\"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 17:50] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
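As an added example (not part of the thread, and not code from Farbar or TechSpot), here is a small Python parser for the FSS "File Check" section posted above. It assumes the log format shown there: each line is either `path => MD5 is legit` or a bare path followed by a detail line with timestamps, size, attributes, company and MD5. Entries without the "MD5 is legit" marker are the ones FSS could not match against its known-good list, so the parser separates them out for manual review rather than treating them as infected.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the FSS File Check section posted in the thread.
SAMPLE_LOG = """\
File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is legit
C:\\Windows\\System32\\cryptsvc.dll
[2012-06-13 17:50] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\\Program Files\\Windows Defender\\MpSvc.dll => MD5 is legit

**** End of log ****
"""

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line FSS prints under a path it could not verify:
# [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_file_check(log: str) -> List[Dict[str, object]]:
    """Return one record per file listed in the File Check section."""
    entries: List[Dict[str, object]] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or line.startswith("="):
            continue
        if not line or line.startswith("****"):
            break  # a blank line or the end marker closes the section
        m = LEGIT_RE.match(line)
        if m:
            entries.append({"path": m.group("path"), "verified": True})
        elif PATH_RE.match(line):
            entries.append({"path": line, "verified": False})
        elif (m := DETAIL_RE.match(line)) and entries and not entries[-1]["verified"]:
            entries[-1].update(m.groupdict())   # attach timestamps, company, MD5
            entries[-1]["size"] = int(m.group("size"))
    return entries

def unverified(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Files FSS could not match: candidates for manual checking, not deletion."""
    return [e for e in entries if not e["verified"]]
```

Run on the real log, the unverified list gives a helper the path, vendor string and hash to look up by hand, which is exactly the cryptsvc.dll line in the post above.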
  19. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Still finishing ESET, sorry.
  20. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    And it's not going well... ESET says 9 infected files and it's only at 67 percent... will post results when it finishes.
  21. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    Here's the list of everything ESET has found:


    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1thtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1thtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tPlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Users\Owner\AppData\Local\Temp\NOD903.tmp probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined
    C:\Users\Owner\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\0F81BA4A.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
  22. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  23. silentjester

    silentjester TS Rookie Topic Starter Posts: 18

    I forgot to save the last OTL log so I am not able to post it here, but so far my computer is running like a champ. Thanks for all your time and help... I would have been so lost without you.
  24. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yes!!
    Good luck and stay safe :)
