TechSpot

Ping.exe and Win 7 Security virus/malware

Solved
By defk
Dec 21, 2011
  1. I was hit with some nasty virus/malware programs after coming home from college. There was one called Win 7 Security (I believe) that claimed my computer had been compromised. There was also one causing Ping.exe to use massive amounts of CPU time (which caused my computer to overheat). I got rid of the Win 7 Security program using Malwarebytes, but Ping.exe is still causing my computer to get really hot.

    I've also noticed that OfficeScan has gone crazy, telling me that it has deleted hundreds of viruses/malware (with names like TROJ_FAKEAV.DAM). How can I get rid of these problems once and for all? I've already got backups made just in case I have to start over. I'm running Windows 7 Home Premium 64-bit, Service Pack 1 on a laptop. Thanks for your time.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. defk

    defk TS Rookie Topic Starter

    Thanks for the fast reply. I ran Malwarebytes without any problems. I'm trying to run GMER but I'm stuck because I can't disable Trend Micro OfficeScan. I'm required to use it by my university and I think I need a special password to "unload" it. The special instructions for disabling it didn't work for my version because there is no "Exit" option when I right-click the icon. In the meantime, here is the log from the Malwarebytes scan:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122201

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/22/2011 12:17:51 AM
    mbam-log-2011-12-22 (00-17-50).txt

    Scan type: Quick scan
    Objects scanned: 230793
    Time elapsed: 20 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Broni

    Broni Malware Annihilator Posts: 47,973   +271

  5. defk

    defk TS Rookie Topic Starter

    I called my school and they gave me the password to unload Trend Micro OfficeScan. Here are the logs from DDS and GMER:

    The GMER log was empty.


    DDS Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/19/2010 1:37:59 PM
    System Uptime: 12/23/2011 12:13:14 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 152.22 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP404: 12/15/2011 3:15:16 PM - Windows Update
    RP405: 12/15/2011 4:07:00 PM - Windows Update
    RP406: 12/19/2011 4:01:57 AM - Restore Operation
    RP407: 12/19/2011 4:17:19 AM - Windows Update
    RP408: 12/19/2011 6:54:27 PM - Windows Update
    RP409: 12/20/2011 5:25:17 PM - Installed Java(TM) 6 Update 30
    RP410: 12/20/2011 5:28:19 PM - Installed Java(TM) 6 Update 30 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.4.7
    Adobe Shockwave Player 11.6
    Amazon Links
    Amazon MP3 Downloader 1.0.15
    Apple Application Support
    Apple Software Update
    Aspell English Dictionary-0.50-2
    Audacity 1.3.12 (Unicode)
    Audiosurf Demo
    BitPim 1.0.7
    Cisco AnyConnect VPN Client
    CodeWarrior for Microcontrollers v10.0
    Compatibility Pack for the 2007 Office system
    COWON Media Center - jetAudio Basic VX
    Crystal Reports for Visual Studio
    D3DX10
    Dotfuscator Software Services - Community Edition
    EasyBits GO
    Epson Easy Photo Print 2
    EPSON Scan
    Facebook Video Calling 1.0.0.8953
    foobar2000 v1.1.10
    GNU Aspell 0.50-3
    Google Chrome
    Google Earth
    Google Update Helper
    GT Interactive - Driver
    GTK+ Runtime 2.14.7 rev a (remove only)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2522890)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2549864)
    Java Auto Updater
    Java(TM) 6 Update 30
    Joystick 2 Mouse 3
    Junk Mail filter update
    Label@Once 1.0
    LEGO® MINDSTORMS® NXT - English Language Pack
    LEGO® MINDSTORMS® NXT Driver
    LG USB Modem driver
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MathGV 4
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    Minecraft Backup Assistant
    Mobile Witch Remote Control
    Mozilla Firefox (4.0b1)
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (3.1.12)
    Mp3tag v2.49
    MSVCRT
    MSVCRT_amd64
    Netrek XP 2010 v1.0
    Notepad++
    P&E Device Drivers
    Pidgin
    Portal
    PowerWorld Simulator GSO Education Edition
    PSpice Student 9.1
    PureVoice
    Quickbooks Financial Center
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    RealUpgrade 1.1
    Safari
    SafeConnect
    Samsung PC Studio 3 USB Driver Installer
    SecondLife (remove only)
    SecondLifeViewer2 (remove only)
    Secret Maryo Chronicles
    Secret Maryo Chronicles Music Pack
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
    SimCity 3000
    Skype Click to Call
    Skype Launcher
    Skype™ 5.5
    SMPlayer 0.6.9
    Star Trek Legacy
    Star Trek: D·A·C - Demo
    Steam
    Stellarium 0.10.4
    swMSM
    Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    TI Connect 1.6
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    TOSHIBA Media Controller
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Trend Micro OfficeScan Client
    Tunatic
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VegaStrike 5.0
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.11
    WCF RIA Services V1.0 SP1
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinSCP 4.3.5
    Write-N-Cite
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yawcam 0.3.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/23/2011 1:46:31 PM, Error: Service Control Manager [7001] - The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified.
    12/23/2011 1:46:31 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified.
    12/22/2011 12:33:21 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    12/21/2011 5:17:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Frisco\Guest SID (S-1-5-21-2356330738-2839853948-1364125998-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/21/2011 10:31:28 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    12/21/2011 10:31:26 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/21/2011 10:31:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/21/2011 10:31:22 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/20/2011 9:47:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
    12/20/2011 9:47:10 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2011 4:04:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    12/19/2011 4:03:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA eco Utility Service service.
    .
    ==== End Of File ===========================


    DDS DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Adekunle Ferreira at 13:55:22 on 2011-12-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2529 [GMT -6:00]
    .
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k apphost
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\SafeConnect\scManager.sys
    C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\windows\system32\Dwm.exe
    C:\Windows\System32\hkcmd.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIEJA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\SafeConnect\scClient.exe
    C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\Misc\xpupg.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    uRun: [Google Update] "C:\Users\Adekunle Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Core Temp] "C:\Special Program Files\CoreTemp64\Core Temp.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [EPSON NX300 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\windows\TEMP\E_S4371.tmp" /EF "HKCU"
    uRun: [Facebook Update] "C:\Users\Adekunle Ferreira\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE} : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}\143747F627F53427F677E656F5D456564796E676 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}\143747F627F5C4F6262697F575962756C6563737 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}\1444F4546594 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}\7457563747 : DhcpNameServer = 192.168.1.10 192.168.1.11
    TCP: Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{E3DC76B2-CF0F-43CB-9AC3-8DD647FC52D4} : DhcpNameServer = 129.130.254.2 129.130.254.3
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    BHO-X64: Winamp Toolbar Loader - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Adekunle Ferreira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Adekunle Ferreira\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
    R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
    R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-2-11 603896]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-1-31 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-1 136176]
    S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-10-12 342288]
    S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-10-12 42768]
    S2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-1 136176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 SaiU0CCB;SaiU0CCB;C:\windows\system32\DRIVERS\SaiU0CCB.sys --> C:\windows\system32\DRIVERS\SaiU0CCB.sys [?]
    S3 SilvrLnk;SilverLink (USB GraphLink) Cable;C:\Windows\System32\drivers\SilvrLnk.sys [2010-3-25 21456]
    S3 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-4-28 595960]
    S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-7-15 917768]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 UsbFltr;WayTech USB Filter Driver;C:\windows\system32\Drivers\UsbFltr.sys --> C:\windows\system32\Drivers\UsbFltr.sys [?]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\windows\system32\DRIVERS\lgx64gps.sys --> C:\windows\system32\DRIVERS\lgx64gps.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\windows\system32\DRIVERS\RsFx0105.sys --> C:\windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== Created Last 30 ================
    .
    2011-12-20 23:28:57 525544 ----a-w- C:\windows\System32\deployJava1.dll
    2011-12-20 23:23:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-20 22:05:26 -------- d-----w- C:\Users\Adekunle Ferreira\AppData\Roaming\Malwarebytes
    2011-12-20 22:05:09 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-20 22:05:03 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-12-20 22:05:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-20 21:48:45 -------- d-----we C:\windows\system64
    2011-12-20 06:50:07 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3FA4AA6-D513-4A76-B73E-E7DAEC361751}\mpengine.dll
    2011-12-19 10:27:11 -------- d-----w- C:\Program Files\Bonjour
    2011-12-19 10:27:11 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-12-15 22:01:02 -------- d-----w- C:\ProgramData\PreEmptive Solutions
    2011-12-15 21:31:28 -------- d-----w- C:\ProgramData\VS
    2011-12-15 21:29:15 -------- d-----w- C:\71c677d143c4b75011d5
    2011-12-15 06:30:24 43520 ----a-w- C:\windows\System32\csrsrv.dll
    2011-12-15 06:30:21 3145216 ----a-w- C:\windows\System32\win32k.sys
    2011-12-15 06:30:19 723456 ----a-w- C:\windows\System32\EncDec.dll
    2011-12-15 06:30:18 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
    2011-12-15 06:30:12 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2011-12-15 06:30:12 2048 ----a-w- C:\windows\System32\tzres.dll
    2011-12-09 13:59:01 -------- d-----w- C:\885e8573b04f93b977
    2011-12-08 21:57:34 66856 ----a-w- C:\windows\SysWow64\SynTPEnhPS.dll
    2011-12-08 21:57:34 411432 ----a-w- C:\windows\System32\SynCOM.dll
    2011-12-08 21:57:34 274728 ----a-w- C:\windows\System32\SynCtrl.dll
    2011-12-08 21:57:34 225576 ----a-w- C:\windows\System32\SynTPAPI.dll
    2011-12-08 21:57:34 218408 ----a-w- C:\windows\SysWow64\SynCtrl.dll
    2011-12-08 21:57:34 173352 ----a-w- C:\windows\SysWow64\SynCOM.dll
    2011-12-08 21:57:34 148264 ----a-w- C:\windows\System32\SynTPCo9.dll
    2011-12-08 21:57:34 1424944 ----a-w- C:\windows\System32\drivers\SynTP.sys
    2011-12-08 21:57:34 107816 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
    2011-12-08 21:57:02 -------- d-----w- C:\ProgramData\Synaptics
    2011-12-08 21:57:02 -------- d-----w- C:\Program Files (x86)\Synaptics
    2011-12-01 17:17:21 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-12-01 17:17:00 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-12-01 17:16:50 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-12-01 17:16:42 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-12-01 17:16:33 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
    2011-12-01 17:16:33 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
    2011-11-30 18:42:34 -------- d-----w- C:\00938a5949b251fc3a
    2011-11-29 21:59:03 -------- dc-h--w- C:\ProgramData\{5F59C11A-CDD5-4331-8582-AC69555A7CB0}
    2011-11-29 21:58:58 -------- d-----w- C:\Program Files (x86)\PowerWorld
    2011-11-29 06:54:28 73064 ----a-w- C:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-11-29 06:54:28 109416 ----a-w- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-11-29 06:54:28 105832 ----a-w- C:\windows\System32\SQSRVRES.DLL
    2011-11-29 06:06:17 -------- d-----w- C:\Program Files (x86)\Microsoft F#
    2011-11-29 06:06:17 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
    2011-11-28 23:12:18 -------- d-----w- C:\fe3d253329bc916bf1fca656561e17
    2011-11-28 22:30:13 -------- d-----w- C:\windows\System32\catroot2
    2011-11-28 19:03:00 -------- d-----w- C:\682e81cd9c78713a18
    .
    ==================== Find3M ====================
    .
    2011-11-10 11:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-10-24 20:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 20:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
    2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 13:56:18.81 ===============
     
  6. Broni

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. defk

    Here is the aswMBR log:
    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-23 21:47:42
    -----------------------------
    21:47:42.301 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:47:42.301 Number of processors: 2 586 0x170A
    21:47:42.301 ComputerName: FRISCO UserName:
    21:47:43.191 Initialize success
    21:49:51.001 AVAST engine defs: 11122301
    21:50:53.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:50:53.521 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
    21:50:53.531 Disk 0 MBR read successfully
    21:50:53.531 Disk 0 MBR scan
    21:50:53.531 Disk 0 Windows VISTA default MBR code
    21:50:53.541 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    21:50:53.551 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294454 MB offset 3074048
    21:50:53.591 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9290 MB offset 606115840
    21:50:53.601 Service scanning
    21:50:54.951 Modules scanning
    21:50:54.951 Disk 0 trace - called modules:
    21:50:54.991 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:50:55.001 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579e060]
    21:50:55.011 3 CLASSPNP.SYS[fffff88001bcd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046c3050]
    21:50:55.921 AVAST engine scan C:\windows
    21:50:58.801 AVAST engine scan C:\windows\system32
    21:51:09.021 File: C:\windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
    21:52:43.812 AVAST engine scan C:\windows\system32\drivers
    21:52:55.342 AVAST engine scan C:\Users\Adekunle Ferreira
    22:38:01.025 AVAST engine scan C:\ProgramData
    22:41:23.426 Scan finished successfully
    22:43:23.566 Disk 0 MBR has been saved successfully to "C:\Users\Adekunle Ferreira\Desktop\MBR.dat"
    22:43:23.576 The log file has been saved successfully to "C:\Users\Adekunle Ferreira\Desktop\aswMBR.txt"


    ComboFix log:
    ComboFix 11-12-23.01 - Adekunle Ferreira 12/23/2011 23:00:30.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1820 [GMT -6:00]
    Running from: c:\users\Adekunle Ferreira\Desktop\ComboFix.exe
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\consrv.dll
    c:\windows\system32\java.exe
    c:\windows\system32\Thumbs.db
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-24 05:18 . 2011-12-24 05:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2011-12-24 05:18 . 2011-12-24 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-24 05:18 . 2011-12-24 05:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-12-21 23:27 . 2011-12-21 23:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
    2011-12-21 23:16 . 2011-12-21 23:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
    2011-12-21 23:15 . 2011-12-21 23:15 -------- d-----w- c:\users\Guest\AppData\Roaming\Synaptics
    2011-12-20 23:28 . 2011-12-20 23:28 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-20 23:28 . 2011-12-20 23:28 -------- d-----w- c:\program files\Java
    2011-12-20 23:28 . 2011-12-20 23:28 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-12-20 23:23 . 2011-12-20 23:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-20 22:05 . 2011-12-20 22:05 -------- d-----w- c:\users\Adekunle Ferreira\AppData\Roaming\Malwarebytes
    2011-12-20 22:05 . 2011-12-20 22:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-20 22:05 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-20 22:05 . 2011-12-20 22:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-20 06:50 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3FA4AA6-D513-4A76-B73E-E7DAEC361751}\mpengine.dll
    2011-12-19 10:27 . 2011-12-19 10:27 -------- d-----w- c:\program files\Bonjour
    2011-12-19 10:27 . 2011-12-19 10:27 -------- d-----w- c:\program files (x86)\Bonjour
    2011-12-19 10:22 . 2011-12-19 10:22 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-12-15 22:01 . 2011-12-15 22:01 -------- d-----w- c:\programdata\PreEmptive Solutions
    2011-12-15 21:31 . 2011-12-15 21:31 -------- d-----w- c:\programdata\VS
    2011-12-15 21:29 . 2011-12-15 21:58 -------- d-----w- C:\71c677d143c4b75011d5
    2011-12-15 06:30 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 06:30 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 06:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 06:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 06:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-09 13:59 . 2011-12-09 13:59 -------- d-----w- C:\885e8573b04f93b977
    2011-12-08 21:57 . 2011-04-01 00:32 1424944 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-12-08 21:57 . 2011-04-01 00:29 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
    2011-12-08 21:57 . 2011-04-01 00:29 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
    2011-12-08 21:57 . 2011-04-01 00:29 225576 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-12-08 21:57 . 2011-04-01 00:29 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
    2011-12-08 21:57 . 2011-04-01 00:29 274728 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-12-08 21:57 . 2011-04-01 00:29 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
    2011-12-08 21:57 . 2011-04-01 00:29 411432 ----a-w- c:\windows\system32\SynCOM.dll
    2011-12-08 21:57 . 2011-04-01 00:29 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
    2011-12-08 21:57 . 2011-12-08 22:02 -------- d-----w- c:\programdata\Synaptics
    2011-12-08 21:57 . 2011-12-08 21:57 -------- d-----w- c:\program files (x86)\Synaptics
    2011-12-01 17:17 . 2011-12-01 17:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-12-01 17:17 . 2011-12-01 17:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-12-01 17:16 . 2011-12-01 17:16 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-12-01 17:16 . 2011-12-01 17:16 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-12-01 17:16 . 2011-12-01 17:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-12-01 17:16 . 2011-12-01 17:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-11-30 18:42 . 2011-12-03 22:26 -------- d-----w- C:\00938a5949b251fc3a
    2011-11-29 21:59 . 2011-11-29 21:59 -------- dc-h--w- c:\programdata\{5F59C11A-CDD5-4331-8582-AC69555A7CB0}
    2011-11-29 21:58 . 2011-11-29 21:58 -------- d-----w- c:\program files (x86)\PowerWorld
    2011-11-29 06:54 . 2011-09-23 03:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2011-11-29 06:54 . 2011-09-23 03:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-11-29 06:54 . 2011-09-22 23:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-11-29 06:53 . 2011-11-29 06:53 -------- d-----w- c:\program files\Microsoft.NET
    2011-11-29 06:06 . 2011-11-29 06:15 -------- d-----w- c:\program files (x86)\Microsoft F#
    2011-11-29 06:06 . 2011-11-29 06:08 -------- d-----w- c:\program files (x86)\HTML Help Workshop
    2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- C:\fe3d253329bc916bf1fca656561e17
    2011-11-28 22:30 . 2011-12-20 23:26 -------- d-----w- c:\windows\system32\catroot2
    2011-11-28 19:03 . 2011-11-28 19:03 -------- d-----w- C:\682e81cd9c78713a18
    2011-11-28 18:52 . 2011-11-28 18:52 -------- d-----w- c:\windows\system32\Macromed
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-20 02:16 . 2011-09-19 06:32 2422528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-11-10 11:54 . 2010-05-23 07:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-09-29 16:29 . 2011-11-09 06:06 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Core Temp"="c:\special program files\CoreTemp64\Core Temp.exe" [2010-03-19 472592]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Facebook Update"="c:\users\Adekunle Ferreira\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-10-16 1364696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-01 296056]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2009-3-31 296088]
    Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-8 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 136176]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 136176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
    R3 SilvrLnk;SilverLink (USB GraphLink) Cable;c:\windows\system32\DRIVERS\silvrlnk.sys [2009-09-10 129536]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
    R3 TmPfw;OfficeScan NT Firewall;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960]
    R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-01-07 917768]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
    R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
    S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
    S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
    S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
    S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
    S3 ALSysIO;ALSysIO;c:\users\ADEKUN~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - TMFILTER
    *NewlyCreated* - VSAPINT
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001Core.job
    - c:\users\Adekunle Ferreira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 03:19]
    .
    2011-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001UA.job
    - c:\users\Adekunle Ferreira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 03:19]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 16:28]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 16:28]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001Core.job
    - c:\users\Adekunle Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 18:49]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001UA.job
    - c:\users\Adekunle Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 18:49]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeScanNT Monitor"="-HideWindow" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
    "combofix"="c:\combofix\CF20604.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.11.1
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    FF - ProfilePath - c:\users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Netrek XP 2010 v1.0 - c:\program files\Netrek\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\SafeConnect\scManager.sys
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Synaptics\Scrybe\scrybe.exe
    c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-23 23:52:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-24 05:51
    .
    Pre-Run: 165,237,612,544 bytes free
    Post-Run: 169,153,040,384 bytes free
    .
    - - End Of File - - 7A949859B415AA7F699AE0DCC27B7C7C
     
  8. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. defk

    defk TS Rookie Topic Starter

    The computer is doing a lot better; it's definitely not getting hot the way it was before! Here are the logs from OTL:

    OTL log:
    OTL logfile created on: 12/24/2011 12:44:37 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adekunle Ferreira\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.24% Memory free
    7.74 Gb Paging File | 6.02 Gb Available in Paging File | 77.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.55 Gb Total Space | 156.07 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

    Computer Name: FRISCO | User Name: Adekunle Ferreira | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/24 00:38:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adekunle Ferreira\Desktop\OTL.exe
    PRC - [2011/12/01 11:16:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/09/01 16:21:36 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
    PRC - [2011/09/01 16:21:35 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
    PRC - [2011/05/27 15:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2011/02/11 07:41:30 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2010/11/17 10:36:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
    PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/31 18:29:46 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/17 14:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/07 11:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
    SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2011/10/21 17:21:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/09/01 16:21:35 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2011/02/11 07:41:30 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/10/14 16:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
    SRV - [2010/10/14 16:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/07 10:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
    SRV - [2010/01/07 10:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
    SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 07:27:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/08 18:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2010/07/21 13:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
    DRV:64bit: - [2010/07/21 13:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
    DRV:64bit: - [2010/04/26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2010/04/22 06:22:50 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
    DRV:64bit: - [2009/09/10 09:28:26 | 000,129,536 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silvrlnk.sys -- (SilvrLnk) SilverLink (USB GraphLink)
    DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/09/02 03:45:38 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
    DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/07/21 16:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2007/04/09 09:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2011/07/12 09:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
    DRV - [2011/07/12 09:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 09:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2004/01/28 14:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SilvrLnk.sys -- (SilvrLnk) SilverLink (USB GraphLink)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    IE - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.msn.com"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Adekunle Ferreira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adekunle Ferreira\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adekunle Ferreira\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 04:09:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\components [2011/12/19 04:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/19 04:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/19 04:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/19 04:31:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011/04/17 17:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Extensions
    [2011/04/17 17:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/12/12 19:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions
    [2010/05/16 16:18:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2011/12/12 19:06:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/11/10 22:44:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/04/18 19:33:42 | 000,000,000 | ---D | M] (Ovi Maps 3D browser plugin) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions\maps@ovi.com
    [2010/10/20 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\extensions\nostmp
    [2010/11/25 15:45:12 | 000,001,832 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\bing.xml
    [2010/11/13 16:30:35 | 000,001,635 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\firefox-add-ons.xml
    [2010/11/13 16:30:27 | 000,008,611 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\justintv.xml
    [2010/04/07 03:08:26 | 000,001,420 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\the-hype-machine.xml
    [2010/03/19 23:09:37 | 000,002,006 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\urban-dictionary.xml
    [2010/05/16 16:51:06 | 000,001,196 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\winamp-search.xml
    [2011/12/15 20:44:21 | 000,001,997 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\wolframalpha.xml
    [2010/03/20 01:04:41 | 000,002,057 | ---- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\prvl3l3v.default\searchplugins\youtube-video-search.xml
    [2011/12/20 17:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/28 16:36:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/12/20 17:27:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/12/19 04:09:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    () (No name found) -- C:\USERS\ADEKUNLE FERREIRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PRVL3L3V.DEFAULT\EXTENSIONS\SOCIALITE@CHROMAKODE.XPI
    [2011/11/09 00:31:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/10/23 01:08:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 00:31:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Adekunle Ferreira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
    CHR - Extension: Isle of Tune = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljldflafhmbedhjnlncilbhfcnfabgb\1_0\
    CHR - Extension: Speechify = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalapoeljdklkcfjkecafidnojkfpohn\1.3_0\
    CHR - Extension: Chrome Remote Desktop BETA = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.2.20152.18922_0\
    CHR - Extension: Chaufr = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\glamaiibdeepedcgjdkhdbnmacpfkgje\1.0.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Poppit = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Observing Space Theme (Aero) = C:\Users\Adekunle Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfdpjglpkdokdgdidgbabkaojencibdp\1.0_0\

    O1 HOSTS File: ([2011/12/23 23:21:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001..\Run: [Core Temp] C:\Special Program Files\CoreTemp64\Core Temp.exe ()
    O4 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001..\Run: [Facebook Update] C:\Users\Adekunle Ferreira\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09528C48-0B8B-4F83-A403-163983A160DE}: DhcpNameServer = 192.168.11.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DC76B2-CF0F-43CB-9AC3-8DD647FC52D4}: DhcpNameServer = 129.130.254.2 129.130.254.3
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/24 00:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adekunle Ferreira\Desktop\OTL.exe
    [2011/12/23 23:22:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/12/23 22:57:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/12/23 22:57:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/12/23 22:57:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/12/23 22:57:07 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/12/23 22:54:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/23 21:42:01 | 004,350,311 | R--- | C] (Swearware) -- C:\Users\Adekunle Ferreira\Desktop\ComboFix.exe
    [2011/12/23 21:41:47 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Adekunle Ferreira\Desktop\aswMBR.exe
    [2011/12/23 13:49:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adekunle Ferreira\Desktop\dds.scr
    [2011/12/21 00:41:32 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adekunle Ferreira\Desktop\tdsskiller.exe
    [2011/12/21 00:33:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Adekunle Ferreira\Desktop\HijackThis.exe
    [2011/12/20 17:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/12/20 17:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/12/20 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Malwarebytes
    [2011/12/20 16:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/20 16:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/20 16:05:03 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2011/12/20 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/12/20 16:01:19 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Adekunle Ferreira\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/19 04:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/12/19 04:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/12/19 04:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/12/19 04:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/12/19 04:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/12/15 16:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
    [2011/12/15 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
    [2011/12/15 15:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    [2011/12/15 15:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
    [2011/12/15 15:29:15 | 000,000,000 | ---D | C] -- C:\71c677d143c4b75011d5
    [2011/12/09 07:59:01 | 000,000,000 | ---D | C] -- C:\885e8573b04f93b977
    [2011/12/08 15:57:34 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\drivers\SynTP.sys
    [2011/12/08 15:57:34 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCOM.dll
    [2011/12/08 15:57:34 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCtrl.dll
    [2011/12/08 15:57:34 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPAPI.dll
    [2011/12/08 15:57:34 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCtrl.dll
    [2011/12/08 15:57:34 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCOM.dll
    [2011/12/08 15:57:34 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPCo9.dll
    [2011/12/08 15:57:34 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynTPCOM.dll
    [2011/12/08 15:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
    [2011/12/08 15:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
    [2011/12/08 15:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
    [2011/12/01 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2011/12/01 11:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [2011/12/01 11:16:37 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
    [2011/11/30 12:42:34 | 000,000,000 | ---D | C] -- C:\00938a5949b251fc3a
    [2011/11/29 15:59:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5F59C11A-CDD5-4331-8582-AC69555A7CB0}
    [2011/11/29 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerWorld
    [2011/11/29 15:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerWorld
    [2011/11/29 15:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/11/29 00:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/11/29 00:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
    [2011/11/29 00:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
    [2011/11/29 00:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
    [2011/11/28 17:12:18 | 000,000,000 | ---D | C] -- C:\fe3d253329bc916bf1fca656561e17
    [2011/11/28 16:30:13 | 000,000,000 | ---D | C] -- C:\windows\SysNative\catroot2
    [2011/11/28 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Adekunle Ferreira\Desktop\Win7Pro
    [2011/11/28 13:03:00 | 000,000,000 | ---D | C] -- C:\682e81cd9c78713a18
    [2011/11/28 12:52:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
  10. defk

    TS Rookie Topic Starter

    OTL log continued:
    ========== Files - Modified Within 30 Days ==========

    [2011/12/24 00:38:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adekunle Ferreira\Desktop\OTL.exe
    [2011/12/23 23:52:03 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/23 23:50:03 | 000,000,956 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001UA.job
    [2011/12/23 23:28:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/23 23:28:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/23 23:21:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2011/12/23 23:21:14 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/23 23:20:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/12/23 23:20:19 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/23 22:43:23 | 000,000,512 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\MBR.dat
    [2011/12/23 22:24:05 | 000,000,976 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001UA.job
    [2011/12/23 22:24:00 | 000,000,954 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001Core.job
    [2011/12/23 21:50:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001Core.job
    [2011/12/23 21:44:25 | 001,040,452 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/12/23 21:44:25 | 000,850,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/12/23 21:44:25 | 000,187,060 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/12/23 21:38:12 | 001,008,141 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.exe
    [2011/12/23 21:37:50 | 001,008,141 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.scr
    [2011/12/23 21:37:26 | 001,008,141 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.com
    [2011/12/23 21:36:42 | 004,350,311 | R--- | M] (Swearware) -- C:\Users\Adekunle Ferreira\Desktop\ComboFix.exe
    [2011/12/23 21:35:56 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Adekunle Ferreira\Desktop\aswMBR.exe
    [2011/12/23 13:49:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adekunle Ferreira\Desktop\dds.scr
    [2011/12/22 00:32:56 | 000,302,592 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\pgtfg83m.exe
    [2011/12/21 00:49:39 | 000,017,530 | ---- | M] () -- C:\windows\cfgall.ini
    [2011/12/21 00:41:35 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adekunle Ferreira\Desktop\tdsskiller.exe
    [2011/12/21 00:33:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Adekunle Ferreira\Desktop\HijackThis.exe
    [2011/12/20 16:03:54 | 018,798,648 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\SAS_9297.COM
    [2011/12/20 16:01:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Adekunle Ferreira\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/20 15:57:26 | 000,001,205 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\FixNCR.reg
    [2011/12/20 15:53:39 | 000,009,622 | -HS- | M] () -- C:\Users\Adekunle Ferreira\AppData\Local\318064a7e620p822q154a8bok2n0
    [2011/12/20 15:53:39 | 000,009,622 | -HS- | M] () -- C:\ProgramData\318064a7e620p822q154a8bok2n0
    [2011/12/20 13:23:15 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/19 04:28:09 | 000,002,515 | ---- | M] () -- C:\Users\Adekunle Ferreira\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/18 22:40:36 | 000,009,756 | -HS- | M] () -- C:\Users\Adekunle Ferreira\AppData\Local\863223t0r000q888l664b1yal5g2
    [2011/12/18 22:40:36 | 000,009,756 | -HS- | M] () -- C:\ProgramData\863223t0r000q888l664b1yal5g2
    [2011/12/18 21:05:06 | 000,001,623 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\Santa Claus...........with a difference _).png
    [2011/12/16 16:37:24 | 000,758,081 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\SimpleCraft_V10.1 New Ores.zip
    [2011/12/15 03:49:40 | 000,431,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2011/12/08 15:57:03 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/08 12:20:07 | 000,000,856 | ---- | M] () -- C:\Users\Adekunle Ferreira\.recently-used.xbel
    [2011/12/01 11:16:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
    [2011/11/29 16:04:04 | 000,001,664 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\Power World 15.lnk
    [2011/11/28 16:54:13 | 001,034,668 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/23 22:57:13 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2011/12/23 22:57:13 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2011/12/23 22:57:13 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/12/23 22:57:13 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/12/23 22:57:13 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/12/23 22:43:23 | 000,000,512 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\MBR.dat
    [2011/12/23 21:42:19 | 001,008,141 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.com
    [2011/12/23 21:41:36 | 001,008,141 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.scr
    [2011/12/23 21:41:16 | 001,008,141 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.exe
    [2011/12/22 00:32:53 | 000,302,592 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\pgtfg83m.exe
    [2011/12/20 16:02:08 | 018,798,648 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\SAS_9297.COM
    [2011/12/20 15:57:25 | 000,001,205 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\FixNCR.reg
    [2011/12/20 15:48:29 | 000,009,622 | -HS- | C] () -- C:\Users\Adekunle Ferreira\AppData\Local\318064a7e620p822q154a8bok2n0
    [2011/12/20 15:48:29 | 000,009,622 | -HS- | C] () -- C:\ProgramData\318064a7e620p822q154a8bok2n0
    [2011/12/20 13:23:15 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/18 22:35:30 | 000,009,756 | -HS- | C] () -- C:\Users\Adekunle Ferreira\AppData\Local\863223t0r000q888l664b1yal5g2
    [2011/12/18 22:35:30 | 000,009,756 | -HS- | C] () -- C:\ProgramData\863223t0r000q888l664b1yal5g2
    [2011/12/18 21:04:52 | 000,001,623 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\Santa Claus...........with a difference _).png
    [2011/12/16 16:37:20 | 000,758,081 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\SimpleCraft_V10.1 New Ores.zip
    [2011/12/08 15:57:34 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
    [2011/12/08 15:57:03 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/08 12:20:07 | 000,000,856 | ---- | C] () -- C:\Users\Adekunle Ferreira\.recently-used.xbel
    [2011/11/29 16:03:36 | 000,001,664 | ---- | C] () -- C:\Users\Adekunle Ferreira\Desktop\Power World 15.lnk
    [2011/09/22 19:48:04 | 000,000,600 | ---- | C] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\winscp.rnd
    [2011/04/19 20:23:32 | 000,007,605 | ---- | C] () -- C:\Users\Adekunle Ferreira\AppData\Local\Resmon.ResmonCfg
    [2011/03/06 18:39:25 | 000,000,179 | ---- | C] () -- C:\windows\OB1.INI
    [2010/11/05 00:53:17 | 001,034,668 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2010/10/01 12:47:37 | 000,000,020 | -HS- | C] () -- C:\windows\WINPROD.DLL
    [2010/08/30 21:58:11 | 000,005,378 | ---- | C] () -- C:\windows\PSPICEEV.INI
    [2010/08/30 21:58:06 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\lffax60n.dll
    [2010/08/30 21:58:06 | 000,141,824 | ---- | C] () -- C:\windows\SysWow64\lfcmp60n.dll
    [2010/08/30 21:58:06 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\lfpng60n.dll
    [2010/08/30 21:58:06 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\lftif60n.dll
    [2010/08/30 21:58:06 | 000,043,008 | ---- | C] () -- C:\windows\SysWow64\ltfil60n.dll
    [2010/08/30 21:58:06 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\lfpcx60n.dll
    [2010/08/30 21:58:06 | 000,022,528 | ---- | C] () -- C:\windows\SysWow64\lfpct60n.dll
    [2010/08/30 21:58:06 | 000,022,528 | ---- | C] () -- C:\windows\SysWow64\lfeps60n.dll
    [2010/08/30 21:58:06 | 000,022,016 | ---- | C] () -- C:\windows\SysWow64\lfbmp60n.dll
    [2010/08/30 21:58:06 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\lfpsd60n.dll
    [2010/08/30 21:58:06 | 000,019,968 | ---- | C] () -- C:\windows\SysWow64\lftga60n.dll
    [2010/08/30 21:58:06 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\lfwpg60n.dll
    [2010/08/30 21:58:06 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\lfwmf60n.dll
    [2010/08/30 21:58:06 | 000,018,432 | ---- | C] () -- C:\windows\SysWow64\lfmsp60n.dll
    [2010/08/30 21:58:06 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\lfmac60n.dll
    [2010/08/30 21:58:06 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\implode.dll
    [2010/08/30 21:56:38 | 000,000,280 | ---- | C] () -- C:\windows\_delis32.ini
    [2010/06/13 13:53:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/31 15:34:16 | 000,000,281 | ---- | C] () -- C:\windows\EReg072.dat
    [2010/03/22 14:26:58 | 000,017,530 | ---- | C] () -- C:\windows\cfgall.ini
    [2010/03/19 17:09:45 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
    [2010/03/19 17:09:45 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
    [2010/03/19 17:09:45 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
    [2010/03/19 17:09:45 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
    [2010/03/19 17:09:45 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
    [2010/03/19 17:09:45 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
    [2010/03/19 17:09:45 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
    [2010/03/19 17:09:44 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
    [2010/03/19 17:09:44 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
    [2010/03/19 17:09:44 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
    [2010/03/19 17:09:44 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
    [2010/03/19 17:09:44 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
    [2010/03/19 17:09:44 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
    [2010/03/19 17:09:44 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
    [2010/03/19 17:09:44 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
    [2010/03/19 17:09:44 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
    [2010/03/19 17:06:58 | 000,000,044 | ---- | C] () -- C:\windows\EPNX100.ini
    [2010/01/31 04:32:44 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2009/10/16 16:30:42 | 000,434,352 | ---- | C] () -- C:\windows\SysWow64\PEUSBMGR.dll
    [2009/10/16 16:30:32 | 000,408,240 | ---- | C] () -- C:\windows\SysWow64\peusba05.dll
    [2009/10/16 16:28:58 | 000,009,984 | ---- | C] () -- C:\windows\SysWow64\drivers\vichw11.sys
    [2009/10/16 16:28:46 | 000,028,080 | ---- | C] () -- C:\windows\SysWow64\drivers\pedrv.sys
    [2009/10/16 16:28:34 | 000,010,032 | ---- | C] () -- C:\windows\SysWow64\drivers\GIVEIO.SYS
    [2009/08/27 10:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
    [2009/08/27 10:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
    [2009/08/27 10:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
    [2009/08/27 10:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
    [2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\windows\lsb_un20.exe

    ========== LOP Check ==========

    [2011/12/21 02:00:32 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\.minecraft
    [2011/12/23 21:40:48 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\.purple
    [2010/04/28 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Amazon
    [2011/11/12 23:08:43 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Audacity
    [2010/04/13 18:32:16 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/04/18 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\COWON
    [2011/07/16 23:58:05 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\enchant
    [2010/04/25 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\EPSON
    [2011/12/19 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\foobar2000
    [2011/08/14 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\go
    [2011/12/20 02:17:09 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\gtk-2.0
    [2011/04/30 19:31:22 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\InfraRecorder
    [2010/03/21 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Leadertech
    [2011/06/07 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Mp3tag
    [2011/12/19 04:09:55 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Notepad++
    [2010/11/13 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\PeaZip
    [2011/10/17 17:34:18 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\PowerWorld
    [2010/09/17 23:35:11 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\SecondLife
    [2010/04/02 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\smc
    [2010/07/14 18:56:55 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Stellarium
    [2011/12/08 16:02:09 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Synaptics
    [2010/03/20 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Thunderbird
    [2010/04/13 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\Toshiba
    [2010/03/19 12:38:40 | 000,000,000 | ---D | M] -- C:\Users\Adekunle Ferreira\AppData\Roaming\WinBatch
    [2011/05/04 00:38:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\.minecraft
    [2011/12/21 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics
    [2010/03/21 12:29:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
    [2011/12/23 22:24:00 | 000,000,954 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001Core.job
    [2011/12/23 22:24:05 | 000,000,976 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2356330738-2839853948-1364125998-1001UA.job
    [2011/09/14 18:20:37 | 000,032,556 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/11/13 11:41:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/12/23 23:52:25 | 000,024,297 | ---- | M] () -- C:\ComboFix.txt
    [2011/12/23 23:20:19 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/23 23:20:24 | 4156,542,976 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/19 16:23:23 | 000,000,221 | -HS- | M] () -- C:\Users\Adekunle Ferreira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/23 21:35:56 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Adekunle Ferreira\Desktop\aswMBR.exe
    [2011/12/20 04:12:09 | 000,606,544 | ---- | M] (Google Inc.) -- C:\Users\Adekunle Ferreira\Desktop\ChromeSetup.exe
    [2011/12/23 21:36:42 | 004,350,311 | R--- | M] (Swearware) -- C:\Users\Adekunle Ferreira\Desktop\ComboFix.exe
    [2011/12/21 00:33:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Adekunle Ferreira\Desktop\HijackThis.exe
    [2011/12/20 16:59:43 | 017,268,512 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Adekunle Ferreira\Desktop\jre-6u30-windows-x64.exe
    [2011/12/20 16:56:13 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Adekunle Ferreira\Desktop\jxpiinstall.exe
    [2011/12/20 16:01:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Adekunle Ferreira\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/12/24 00:38:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adekunle Ferreira\Desktop\OTL.exe
    [2011/12/22 00:32:56 | 000,302,592 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\pgtfg83m.exe
    [2011/12/23 21:38:12 | 001,008,141 | ---- | M] () -- C:\Users\Adekunle Ferreira\Desktop\rkill.exe
    [2011/12/21 00:41:35 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adekunle Ferreira\Desktop\tdsskiller.exe
    [2011/12/20 16:51:08 | 000,248,480 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Adekunle Ferreira\Desktop\uninstall_flash_player_32bit.exe
    [2011/12/20 16:51:11 | 000,462,496 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Adekunle Ferreira\Desktop\uninstall_flash_player_64bit.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/03/06 19:53:00 | 000,008,192 | ---- | M] () -- C:\windows\SECURITY\Database\edb.chk
    [2011/03/06 19:53:00 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edb.log
    [2010/03/19 13:47:13 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00001.jrs
    [2010/03/19 13:47:13 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/28 16:59:23 | 000,000,402 | -HS- | M] () -- C:\Users\Adekunle Ferreira\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/12/20 15:53:39 | 000,009,622 | -HS- | M] () -- C:\ProgramData\318064a7e620p822q154a8bok2n0
    [2011/12/18 22:40:36 | 000,009,756 | -HS- | M] () -- C:\ProgramData\863223t0r000q888l664b1yal5g2

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "RescheduleWaitTime" = 4
    "NoAutoRebootWithLoggedOnUsers" = 0
    "NoAutoUpdate" = 0
    "AUOptions" = 4
    "AUState" = 2
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. defk

    TS Rookie Topic Starter

    Extras log:
    OTL Extras logfile created on: 12/24/2011 12:44:37 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adekunle Ferreira\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.24% Memory free
    7.74 Gb Paging File | 6.02 Gb Available in Paging File | 77.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.55 Gb Total Space | 156.07 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

    Computer Name: FRISCO | User Name: Adekunle Ferreira | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PeaZip] -- Reg Error: Value error.
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PeaZip] -- Reg Error: Value error.
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.4
    "{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
    "EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "LTMOH" = LSI V92 MOH Application
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "WinGimp-2.0_is1" = GIMP 2.6.8

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
    "{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO® MINDSTORMS® NXT - English Language Pack
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}" = PureVoice
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{5EF2B896-B1C1-46E8-83AD-4F940B7A5982}" = MathGV 4
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7D01E5CD-9CFE-4A97-B8EE-7B14109FB387}" = PowerWorld Simulator GSO Education Edition
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{88F7CB88-F733-4F73-AC0A-7A8F8F8157A0}" = P&E Device Drivers
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.6
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO® MINDSTORMS® NXT Driver
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CW for MCU v10.0" = CodeWarrior for Microcontrollers v10.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "foobar2000" = foobar2000 v1.1.10
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GT Interactive - Driver" = GT Interactive - Driver
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Joystick 2 Mouse 3" = Joystick 2 Mouse 3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mobile Witch Remote Control" = Mobile Witch Remote Control
    "Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
    "Mp3tag" = Mp3tag v2.49
    "Netrek XP 2010 v1.0" = Netrek XP 2010 v1.0
    "Notepad++" = Notepad++
    "OfficeScanNT" = Trend Micro OfficeScan Client
    "Pidgin" = Pidgin
    "PowerWorld Simulator GSO Education Edition" = PowerWorld Simulator GSO Education Edition
    "PSpice Student" = PSpice Student 9.1
    "RealPlayer 15.0" = RealPlayer
    "SafeConnect" = SafeConnect
    "SecondLife" = SecondLife (remove only)
    "SecondLifeViewer2" = SecondLifeViewer2 (remove only)
    "secretmaryo" = Secret Maryo Chronicles
    "secretmaryo_music" = Secret Maryo Chronicles Music Pack
    "SimCity 3000" = SimCity 3000
    "SMPlayer" = SMPlayer 0.6.9
    "Steam App 12910" = Audiosurf Demo
    "Steam App 400" = Portal
    "Steam App 4330" = Star Trek: D·A·C - Demo
    "Stellarium_is1" = Stellarium 0.10.4
    "Tunatic" = Tunatic
    "VegaStrike-0.5.0" = VegaStrike 5.0
    "VLC media player" = VLC media player 1.1.11
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.5
    "Write-N-Cite" = Write-N-Cite
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2356330738-2839853948-1364125998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "222b0185185e5fb6" = Minecraft Backup Assistant
    "Game Organizer" = EasyBits GO
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/22/2011 2:32:08 AM | Computer Name = Frisco | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2011 9:53:19 PM | Computer Name = Frisco | Source = Google Update | ID = 20
    Description =

    Error - 12/23/2011 3:38:08 PM | Computer Name = Frisco | Source = Google Update | ID = 20
    Description =

    Error - 12/23/2011 11:03:52 PM | Computer Name = Frisco | Source = Google Update | ID = 20
    Description =

    Error - 12/23/2011 11:24:23 PM | Computer Name = Frisco | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/23/2011 11:30:18 PM | Computer Name = Frisco | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/24/2011 12:24:05 AM | Computer Name = Frisco | Source = Google Update | ID = 20
    Description =

    Error - 12/24/2011 12:57:16 AM | Computer Name = Frisco | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/24/2011 2:30:12 AM | Computer Name = Frisco | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/24/2011 2:31:43 AM | Computer Name = Frisco | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Cisco AnyConnect VPN Client Events ]
    Error - 12/24/2011 1:21:32 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
    Line:
    1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
    (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
    not contact target

    Error - 12/24/2011 1:21:32 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
    856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

    Error - 12/24/2011 1:21:32 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
    190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

    Error - 12/24/2011 1:22:02 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: URL::URL File: .\Utility\URL.cpp Line: 36 Invoked Function:
    URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
    Line:
    1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
    -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
    Line:
    254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
    (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
    Line:
    1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
    (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
    Line:
    1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
    (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
    not contact target

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
    856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

    Error - 12/24/2011 1:22:10 AM | Computer Name = Frisco | Source = vpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
    190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

    [ OSession Events ]
    Error - 4/11/2011 10:13:31 PM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/23/2011 7:27:24 PM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/3/2011 7:03:57 PM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/3/2011 7:05:24 PM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/7/2011 12:30:29 AM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 351
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 11/18/2011 10:57:49 PM | Computer Name = Frisco | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/11/2011 6:27:19 PM | Computer Name = Frisco | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter
    (KB2492475).

    Error - 2/12/2011 5:02:03 AM | Computer Name = Frisco | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter
    (KB2492475).

    Error - 2/12/2011 6:07:24 PM | Computer Name = Frisco | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter
    (KB2492475).

    Error - 2/12/2011 6:08:31 PM | Computer Name = Frisco | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter
    (KB2492475).

    Error - 2/13/2011 5:10:10 AM | Computer Name = Frisco | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 2/13/2011 5:12:34 AM | Computer Name = Frisco | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter
    (KB2492475).

    Error - 2/16/2011 2:17:18 AM | Computer Name = Frisco | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 2/19/2011 12:27:06 AM | Computer Name = Frisco | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the EFS service.

    Error - 2/19/2011 3:18:05 PM | Computer Name = Frisco | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 2/23/2011 8:23:28 PM | Computer Name = Frisco | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      [2011/12/20 15:53:39 | 000,009,622 | -HS- | M] () -- C:\Users\Adekunle Ferreira\AppData\Local\318064a7e620p822q154a8bok2n0
      [2011/12/20 15:53:39 | 000,009,622 | -HS- | M] () -- C:\ProgramData\318064a7e620p822q154a8bok2n0
      [2011/12/18 22:40:36 | 000,009,756 | -HS- | M] () -- C:\Users\Adekunle Ferreira\AppData\Local\863223t0r000q888l664b1yal5g2
      [2011/12/18 22:40:36 | 000,009,756 | -HS- | M] () -- C:\ProgramData\863223t0r000q888l664b1yal5g2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. defk

    defk TS Rookie Topic Starter

    Here are the logs:

    OTL:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    C:\Users\Adekunle Ferreira\AppData\Local\318064a7e620p822q154a8bok2n0 moved successfully.
    C:\ProgramData\318064a7e620p822q154a8bok2n0 moved successfully.
    C:\Users\Adekunle Ferreira\AppData\Local\863223t0r000q888l664b1yal5g2 moved successfully.
    C:\ProgramData\863223t0r000q888l664b1yal5g2 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adekunle Ferreira
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 21673845 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 364595558 bytes
    ->Google Chrome cache emptied: 48449822 bytes
    ->Flash cache emptied: 3153193 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 51121154 bytes
    ->Java cache emptied: 3768781 bytes
    ->FireFox cache emptied: 43924094 bytes
    ->Google Chrome cache emptied: 6323595 bytes
    ->Flash cache emptied: 44439 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 889314 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10649600 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 529.00 mb


    [EMPTYFLASH]

    User: Adekunle Ferreira
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12242011_123247

    Files\Folders moved on Reboot...
    C:\Users\Adekunle Ferreira\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


    Security Check:
    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Trend Micro OfficeScan Client
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (3.1.12) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Trend Micro OfficeScan Client pccntmon.exe
    Trend Micro OfficeScan Client ntrtscan.exe
    Trend Micro OfficeScan Client tmlisten.exe
    Trend Micro OfficeScan Client CNTAoSMgr.exe
    Trend Micro OfficeScan Client Temp pccntupd.exe
    Trend Micro OfficeScan Client TmProxy.exe
    ``````````End of Log````````````


    ESET:
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Users\Adekunle Ferreira\Desktop\Auxiliary Desktop\old comp\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined
    C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
     
  14. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  15. defk

    defk TS Rookie Topic Starter

    Thanks so much for helping me with these problems, especially during the holiday season! The computer is running much better now. The log from the last scan is below, and I'll definitely be making a donation tonight! Happy holidays!

    OTL log:
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adekunle Ferreira
    ->Temp folder emptied: 10773 bytes
    ->Temporary Internet Files folder emptied: 59114 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 12837022 bytes
    ->Google Chrome cache emptied: 9205481 bytes
    ->Flash cache emptied: 663 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66016 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 21.00 mb


    [EMPTYFLASH]

    User: Adekunle Ferreira
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 12242011_214943

    Files\Folders moved on Reboot...
    C:\Users\Adekunle Ferreira\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Way to go!!
    Good luck and stay safe :)
     

