TechSpot

Requesting help, Similar to DamianN7's Issue

Inactive-A
By RileyMcD
Jun 23, 2013
  1. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Still with me?
     
  2. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    Current issues are minimal/non-existent (y). I just gained access to said computer that was infected. Thank you for your patience. I will begin running the Adware Cleaner, Junk Removal tool and OTL. I'm looking forward to maximizing this computer's performance. Thank you yet again, Broni.
     
  3. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    AdwCleaner Log

    # AdwCleaner v2.303 - Logfile created 06/29/2013 at 12:25:40
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\OApps
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\ShopToWin
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Software
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN33612886651136735&UM=2&ctid=CT3287375 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111442&tt=290412_3_ppcb&babsrc=NT_ss&mntrId=5ef8e32400000000000064d4da1d5ec2 --> hxxp://www.google.com

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3915 octets] - [29/06/2013 12:25:40]


    ########## EOF - C:\AdwCleaner[S1].txt - [3975 octets] ##########
     
  4. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Owner on Sat 06/29/2013 at 12:35:34.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3499E304-F149-4657-BD68-BAC403DB534E}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/29/2013 at 12:52:02.16
    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  5. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    OTL Log

    OTL logfile created on: 6/29/2013 12:55:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 63.67% Memory free
    7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.96 Gb Total Space | 402.29 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/29 12:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
    PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/01/08 22:09:59 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    PRC - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
    PRC - [2010/07/11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/06/18 16:15:54 | 006,181,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/06/18 16:15:30 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/06/29 12:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/04/23 19:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/12/29 13:07:54 | 000,911,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2009/12/29 13:02:46 | 000,404,992 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/08 22:09:59 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2010/07/11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/05/23 13:09:30 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
    DRV:64bit: - [2011/05/23 13:09:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/07/29 03:40:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/12 06:40:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/06/21 16:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2010/04/27 17:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 06:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/12/22 22:37:22 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2009/12/22 22:37:16 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2009/12/22 22:37:14 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{ED12DA08-0F2B-4CEA-B51B-6438B41F638A}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{94B8D5AA-BD2C-44E8-BDB1-6E70AF784874}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes\{24E655F6-6F10-4C93-A5FA-AC861ECD1526}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Simple Adblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpjglmaolmnjafhcnnghdokmblhhnj\1.0.6_0\
    CHR - Extension: Simple Adblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.9_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/01/30 14:06:40 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe File not found
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe File not found
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\Run: [] File not found
    O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" File not found
    O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/29 12:35:31 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/06/29 12:34:48 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/23 19:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Quarantine
    [2013/06/23 19:09:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/06/23 18:38:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/06/23 18:38:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/06/23 18:38:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/06/23 17:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/23 16:40:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/23 16:38:10 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2013/06/23 16:33:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2013/06/23 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/23 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/06/23 16:33:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/06/23 16:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/23 15:22:37 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/06/23 15:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2013/06/23 15:20:50 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2013/06/23 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2013/06/23 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2013/06/23 15:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2013/06/22 23:17:49 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnets.sys
    [2013/06/22 23:17:48 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
    [2013/06/22 23:17:48 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
    [2013/06/22 23:17:48 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
    [2013/06/22 23:17:48 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys
    [2013/06/22 23:17:48 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys
    [2013/06/22 23:17:48 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys
    [2013/06/22 23:17:48 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.sys
    [2013/06/22 23:17:09 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1404000.028
    [2013/06/22 23:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/06/22 23:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/06/22 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
    [2013/06/22 23:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
    [2013/06/22 23:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
    [2013/06/22 22:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/06/22 22:56:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
    [2013/06/22 22:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2013/06/22 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2013/06/22 22:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
    [2013/06/22 21:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/06/22 21:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/06/18 16:16:08 | 000,023,168 | ---- | C] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
    [2013/06/18 16:15:50 | 000,043,216 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
    [2013/06/18 16:15:48 | 000,437,688 | ---- | C] (COMODO) -- C:\windows\SysNative\guard64.dll
    [2013/06/18 16:15:48 | 000,348,584 | ---- | C] (COMODO) -- C:\windows\SysWow64\guard32.dll
    [2013/06/18 16:15:40 | 000,344,792 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdvrt64.dll
    [2013/06/18 16:15:40 | 000,045,784 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdkbd64.dll
    [2013/06/18 16:15:36 | 000,278,232 | ---- | C] (COMODO) -- C:\windows\SysWow64\cmdvrt32.dll
    [2013/06/18 16:15:36 | 000,040,664 | ---- | C] (COMODO) -- C:\windows\SysWow64\cmdkbd32.dll
    [2013/06/11 22:36:01 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2013/06/11 22:35:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2013/06/11 22:35:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2013/06/11 22:35:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2013/06/11 22:35:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2013/06/11 22:35:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2013/06/11 22:35:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2013/06/11 22:35:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
    [2013/06/11 22:35:54 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
    [2013/06/11 22:35:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
    [2013/06/11 22:35:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
    [2013/06/11 22:35:39 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
    [2013/06/11 22:35:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2013/06/11 22:35:38 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
    [2013/06/11 22:35:37 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [2013/06/11 22:35:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
    [2013/06/11 22:35:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
    [2013/05/31 14:48:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/29 12:57:37 | 001,241,408 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
    [2013/06/29 12:36:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/29 12:36:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/29 12:32:29 | 000,743,840 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/06/29 12:32:29 | 000,637,044 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/06/29 12:32:29 | 000,111,160 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/06/29 12:27:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/06/29 12:27:44 | 3062,906,880 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/23 15:22:13 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/06/23 13:03:53 | 002,268,932 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
    [2013/06/22 22:21:52 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    [2013/06/22 22:21:52 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    [2013/06/22 22:21:52 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    [2013/06/22 22:21:52 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    [2013/06/18 22:26:48 | 000,001,091 | ---- | M] () -- C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    [2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
    [2013/06/18 16:15:50 | 000,043,216 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
    [2013/06/18 16:15:48 | 000,437,688 | ---- | M] (COMODO) -- C:\windows\SysNative\guard64.dll
    [2013/06/18 16:15:48 | 000,348,584 | ---- | M] (COMODO) -- C:\windows\SysWow64\guard32.dll
    [2013/06/18 16:15:40 | 000,344,792 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdvrt64.dll
    [2013/06/18 16:15:40 | 000,045,784 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdkbd64.dll
    [2013/06/18 16:15:36 | 000,278,232 | ---- | M] (COMODO) -- C:\windows\SysWow64\cmdvrt32.dll
    [2013/06/18 16:15:36 | 000,040,664 | ---- | M] (COMODO) -- C:\windows\SysWow64\cmdkbd32.dll
    [2013/06/03 23:34:29 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/23 18:38:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/06/23 18:38:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/06/23 18:38:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/06/23 18:38:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/06/23 18:38:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/06/23 15:22:13 | 000,000,604 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/06/23 15:22:07 | 001,241,408 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
    [2013/06/23 13:03:13 | 002,268,932 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
    [2013/06/22 23:24:04 | 000,014,818 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
    [2013/06/22 23:17:49 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam64.cat
    [2013/06/22 23:17:49 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet64.cat
    [2013/06/22 23:17:49 | 000,001,440 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet.inf
    [2013/06/22 23:17:48 | 000,007,667 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.cat
    [2013/06/22 23:17:48 | 000,007,593 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.cat
    [2013/06/22 23:17:48 | 000,007,589 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.cat
    [2013/06/22 23:17:48 | 000,007,587 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
    [2013/06/22 23:17:48 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
    [2013/06/22 23:17:48 | 000,002,852 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds.inf
    [2013/06/22 23:17:48 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf
    [2013/06/22 23:17:48 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.inf
    [2013/06/22 23:17:48 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.inf
    [2013/06/22 23:17:48 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.inf
    [2013/06/22 23:17:48 | 000,000,767 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.inf
    [2013/06/22 23:17:09 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
    [2013/06/22 23:17:09 | 000,008,063 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
    [2013/06/22 23:17:09 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
    [2013/06/18 22:26:48 | 000,001,091 | ---- | C] () -- C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    [2012/03/15 19:13:15 | 000,000,001 | ---- | C] () -- C:\Users\Owner\random.dat
    [2012/03/15 19:13:14 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
    [2011/10/10 18:48:14 | 000,174,467 | ---- | C] () -- C:\windows\hpoins43.dat
    [2011/10/10 18:48:14 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl43.dat
    [2011/10/09 21:13:56 | 000,173,083 | ---- | C] () -- C:\windows\hpoins46.dat
    [2011/10/09 21:13:56 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl46.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
     
  6. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    Extra OTL Log

    OTL Extras logfile created on: 6/29/2013 12:55:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 63.67% Memory free
    7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.96 Gb Total Space | 402.29 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07DD8048-D1E2-48A7-9564-00E8E0D47002}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0D682B8C-F488-4A43-8D85-0305F66FF220}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1836447E-4A88-44BA-A4C7-450153E8B371}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{18F4AD76-D568-42D8-BD1D-90443598C507}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1EF09F45-1B93-4E25-8C15-12F7E41FB5B2}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2209DB87-2429-4937-BF8B-2824A757B872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2A096B77-4F0D-4545-A350-2FB2E6E59B0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2B5CF9D9-2233-41EF-9946-CF0737513BA7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{2BAB1CE5-7C07-4B3B-A5F7-90C8996FB785}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{350A6DFA-13AE-4365-A05F-812E853D6177}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{363ECE32-8DA1-46E3-9BBE-CFB30B2D66A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{484CC8D6-E570-442F-8BE4-38EF5FF195F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{53C33BF3-8075-43C2-BCAD-42C496744099}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6570CAEA-0C93-413F-9A3C-088C2A365B2C}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{659B8685-B823-4EAE-91D9-BF70DEE1764E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6745AF69-263B-4E7C-ABB7-0761E4029664}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6D97789C-9230-4225-8EA5-31EF0C32ACB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{713ADA80-8CAB-47EE-8CE7-5862A7E2153F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{73771BEA-67AF-49D1-9B61-56275B379699}" = rport=137 | protocol=17 | dir=out | app=system |
    "{74814AD5-EEAA-4A30-BA39-A552D13803C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{782E1B97-98BB-4E7E-A96B-8DEE4B20B06A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8137A4EB-36EC-4FCF-AF31-2511400B8980}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8F5A37CE-0A57-42DB-ACF0-544B68B1F2A7}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{A1653706-5BC3-4346-AC39-753C220C29E6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A72F13C6-C5BC-4280-BBD3-B5D70E5EB7CC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
    "{AE579F39-6A66-4D7D-AC51-A09773FDD7FE}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{B704E801-1BBF-4490-81AB-56D812A3B5D3}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B980D99B-5A0F-4E7F-A293-5C4ADA79B867}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BCFFEE03-05A4-4663-9D60-8DBB1CA8295C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D785F6E3-BFEF-489B-8D02-E590DEFB9521}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F4562BFF-85C5-432D-A176-55220DE223CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00A0E6C6-073E-4A5D-8F49-85C037B940DC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{038E97E8-845C-40C9-980B-78DAA3561ACB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{05D84246-D23C-4A04-9499-99C434BB86B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0EDAC2AD-82AE-4F60-BA0E-786DAA497C10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0FEDE75B-F271-4BE1-91EB-463895539FDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{1F94C142-FE2D-4DA0-AB96-1AB4CB114D12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{30F1AF2B-F1C9-4646-9074-24E9064DD30C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{34DC553F-BC34-4462-8386-346D41AAC302}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3E21E1DE-6987-4A1B-90EB-A2697A96620F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{4199F250-E51D-4A02-A8CD-0FF7504319FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{42E1855A-2DDE-44C3-8E9A-C2EA87B8919B}" = protocol=6 | dir=out | app=system |
    "{44EF2E7C-7156-4E2F-B563-C8EAAF05C64A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{49087FF4-06CE-42AD-8BEF-72F11C9E07AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4A92E019-1720-4FAB-8933-AAE2298EDD76}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
    "{5DD1D03F-6E0B-4878-A519-0F9D5E1F8C8A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5F266F37-07A1-4615-BDBA-08A5FF2B24DB}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{64E3F6F3-BC42-4182-A50D-35A678D1F5F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{78C7071F-BA10-4575-ACEF-69399C415B4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{79D4A8F6-E2FE-4489-9BB8-29AFD0ABC6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{7AD288B8-729F-438B-B356-7AED45355D1E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{7CF768E5-5F0A-4F73-9FD0-AA3E960AFBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{81257492-1A11-4233-8588-4370A2C9D9FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{8826D617-007C-4D5E-A67B-A159D754D4B1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{8E5029DB-D83D-4CC4-93CF-C5212F7B873A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8E6D47C5-0E8C-4040-BC72-9DF3BEEFAB60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8F1662BB-8DAF-4E80-9C8D-DA744444A03D}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{924790EE-0523-4FAE-9B40-EC8D9E883A9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{99F2F0F9-2583-4869-AAC8-277BC7FA8FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
    "{9A19B40F-6F53-4C93-9DCC-EE1A25E43A83}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{9CA05C79-CE5D-4134-9964-80047CD53538}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{A644DB12-B637-4C2D-BD8F-71557E29AB90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AE34F614-23C0-41D5-B9E0-4DB7DA18B122}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{B2774167-C15F-4C3E-8569-3081C78A02E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B754ADD3-826E-4EAE-9C6E-8655B34754CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B84C3C3A-44F9-4F76-AD18-9379BDF95B3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CEECA9AB-83F7-4182-B826-F8A4AA15F829}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D4FCF5CA-D30D-421E-9025-B37321A12052}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{D5A31EFF-CBF6-4FF9-9681-85553CC84E04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D99597C4-89EA-4821-98A0-745F5A9877EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{DBDAD4F9-87AB-409E-8CFA-E22E48DBAA50}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{E249824C-ACA1-4EB6-AD32-619083A5B380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F28AC27D-97DE-4924-AD5F-A447A58C2435}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{FB27E1E4-CE40-4091-98A2-2535D6D74EB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FB4FDBED-49F2-4F3B-92B3-294B5EAE2943}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
    "{FD037B5E-B744-4317-8841-21E8EFC76540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{A91E003B-02B7-4E4F-BA72-FFE86B962691}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{D25290C4-997A-49D6-AFF4-BA12F9BBABFC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{85B2FB74-1BCE-4345-81EA-1A2A60A5D3FE}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{D6FA1198-A723-40C3-A04D-728DEC070D49}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
    "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "Logitech Unifying" = Logitech Unifying Software 2.00
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A536367E-C40C-4483-8F9B-19DEB881B205}" = TOSHIBA Hardware Setup
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "NVIDIA.Updatus" = NVIDIA Updatus
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "48e4cff94f039634" = Best Buy pc app

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    < End of report >
     
  7. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    Back to square one; after attempting to remove Comodo and installing Microsoft Security Essentials based on personal preferences, the uninstall required a reboot - after shutting down, the system is now unable to restart. I've attempted to run in Safe Mode, Normal Windows mode, Repair Mode, or a System Restore with no luck.
     
  8. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    I've also tried to run the FRST64.exe off of the flash drive with no luck; midway through the scan the computer will shut down abruptly.
     
  9. RileyMcD

    RileyMcD TS Rookie Topic Starter Posts: 25

    FRST64 Log

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
    Ran by SYSTEM on 29-06-2013 14:17:51
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-10] (Intel Corporation)
    HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [415256 2010-08-10] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8312352 2009-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1445888 2010-01-27] (Intel® Corporation)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1504608 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon [x]
    HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]
    HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKU\UpdatusUser\...\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /autoRun [1475584 2010-11-20] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [] [x]
    HKU\UpdatusUser\...\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" [97280 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser\...\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe [x]
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll [111720 2010-07-12] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [100968 2010-07-12] (NVIDIA Corporation)

    ==================== Services (Whitelisted) =================

    S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
    S2 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3386840 2012-01-08] (Webroot Software, Inc. )
    S3 TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56408 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
    S0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
    S4 cmdGuard; system32\DRIVERS\cmdguard.sys [x]
    S4 cmdHlp; System32\DRIVERS\cmdhlp.sys [x]
    S3 L1C; system32\DRIVERS\L1C62x64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-29 12:38 - 2013-06-29 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-06-29 12:33 - 2013-06-29 12:33 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2013-06-29 12:05 - 2013-06-29 12:05 - 00095488 ____A C:\Users\Owner\Downloads\OTL.Txt
    2013-06-29 12:05 - 2013-06-29 12:05 - 00060356 ____A C:\Users\Owner\Downloads\Extras.Txt
    2013-06-29 11:53 - 2013-06-29 11:54 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2013-06-29 11:35 - 2013-06-29 11:35 - 00000000 ____D C:\Windows\ERUNT
    2013-06-29 11:34 - 2013-06-29 11:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Owner\Downloads\JRT.exe
    2013-06-29 11:34 - 2013-06-29 11:34 - 00000000 ____D C:\JRT
    2013-06-29 11:25 - 2013-06-29 11:26 - 00004040 ____A C:\AdwCleaner[S1].txt
    2013-06-29 11:25 - 2013-06-29 11:25 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
    2013-06-27 00:05 - 2013-06-29 11:24 - 04622336 ____A C:\Users\Owner\Downloads\Ch 12 summer, 2012.ppt
    2013-06-27 00:05 - 2013-06-29 11:23 - 05758976 ____A C:\Users\Owner\Downloads\Ch 8, 9 rev summer 2011.ppt
    2013-06-27 00:05 - 2013-06-27 00:05 - 04653056 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011 (1).ppt
    2013-06-26 00:34 - 2013-06-26 00:34 - 04655616 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011.ppt
    2013-06-25 23:15 - 2013-06-25 23:15 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (2).ppt
    2013-06-23 21:11 - 2013-06-23 21:11 - 00309017 ____A C:\Users\Owner\Downloads\Study Guide 6-22-13.xlsx
    2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Users\Owner\Documents\Quarantine
    2013-06-23 17:54 - 2013-06-23 17:54 - 00021235 ____A C:\ComboFix.txt
    2013-06-23 17:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-06-23 17:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-06-23 17:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-06-23 17:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-06-23 17:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-06-23 17:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-06-23 17:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-06-23 17:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-06-23 16:42 - 2013-06-23 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-23 16:40 - 2013-06-23 16:40 - 00000000 ____D C:\Users\Owner\Downloads\MBAR
    2013-06-23 16:38 - 2013-06-23 16:38 - 13399154 ____A C:\Users\Owner\Downloads\mbar-1.06.0.1004.zip
    2013-06-23 16:27 - 2013-06-23 16:30 - 03757568 ____A C:\Users\Owner\Downloads\RogueKillerX64.exe
    2013-06-23 15:40 - 2013-06-23 17:54 - 00000000 ____D C:\Qoobox
    2013-06-23 15:38 - 2013-06-23 17:50 - 00000000 ____D C:\Windows\erdnt
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-23 15:33 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-06-23 14:52 - 2013-06-23 14:52 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-06-23 14:22 - 2013-06-29 12:43 - 01241408 ____A C:\Windows\System32\Drivers\sfi.dat
    2013-06-23 14:22 - 2013-06-23 14:22 - 00000604 ____A C:\Users\Public\Desktop\Shared Space.lnk
    2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
    2013-06-23 14:20 - 2013-06-23 14:22 - 00000000 ____D C:\ProgramData\Comodo
    2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\Program Files\COMODO
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
    2013-06-22 21:58 - 2013-06-23 14:25 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-06-22 21:56 - 2013-06-23 12:05 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
    2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-22 21:21 - 2013-06-29 12:46 - 00192464 ____A C:\Windows\PFRO.log
    2013-06-22 21:21 - 2013-06-29 11:28 - 00000448 ____A C:\Windows\setupact.log
    2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
    2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
    2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
    2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
    2013-06-17 18:05 - 2013-06-18 21:23 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
    2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
    2013-06-11 21:36 - 2013-05-16 22:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-11 21:36 - 2013-05-16 22:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-11 21:36 - 2013-05-16 22:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-11 21:36 - 2013-05-16 22:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-11 21:36 - 2013-05-16 22:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-11 21:36 - 2013-05-16 10:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-11 21:36 - 2013-05-16 10:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-11 21:36 - 2013-05-16 10:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-11 21:36 - 2013-05-16 10:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-11 21:36 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 21:35 - 2013-05-16 22:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-11 21:35 - 2013-05-16 22:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-11 21:35 - 2013-05-16 10:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-11 21:35 - 2013-05-16 10:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-11 21:35 - 2013-05-16 10:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-11 21:35 - 2013-05-16 09:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-11 21:35 - 2013-05-16 08:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-11 21:35 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 21:35 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 21:35 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 21:35 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 21:35 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 21:35 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-11 21:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-11 21:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-11 21:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 21:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-05-31 13:48 - 2013-06-22 21:12 - 00000000 ____D C:\Windows\Minidump

    ==================== One Month Modified Files and Folders =======

    2013-06-29 12:46 - 2013-06-22 21:21 - 00192464 ____A C:\Windows\PFRO.log
    2013-06-29 12:43 - 2013-06-23 14:22 - 01241408 ____A C:\Windows\System32\Drivers\sfi.dat
    2013-06-29 12:42 - 2010-12-20 02:04 - 01581680 ____A C:\Windows\WindowsUpdate.log
    2013-06-29 12:38 - 2013-06-29 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-06-29 12:33 - 2013-06-29 12:33 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2013-06-29 12:05 - 2013-06-29 12:05 - 00095488 ____A C:\Users\Owner\Downloads\OTL.Txt
    2013-06-29 12:05 - 2013-06-29 12:05 - 00060356 ____A C:\Users\Owner\Downloads\Extras.Txt
    2013-06-29 11:54 - 2013-06-29 11:53 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2013-06-29 11:36 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-29 11:36 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-29 11:35 - 2013-06-29 11:35 - 00000000 ____D C:\Windows\ERUNT
    2013-06-29 11:34 - 2013-06-29 11:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Owner\Downloads\JRT.exe
    2013-06-29 11:34 - 2013-06-29 11:34 - 00000000 ____D C:\JRT
    2013-06-29 11:32 - 2009-07-13 21:13 - 00743840 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-29 11:28 - 2013-06-22 21:21 - 00000448 ____A C:\Windows\setupact.log
    2013-06-29 11:28 - 2011-06-20 16:06 - 00000000 ____D C:\ProgramData\Webroot
    2013-06-29 11:28 - 2010-12-20 02:18 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
    2013-06-29 11:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-29 11:26 - 2013-06-29 11:25 - 00004040 ____A C:\AdwCleaner[S1].txt
    2013-06-29 11:25 - 2013-06-29 11:25 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
    2013-06-29 11:24 - 2013-06-27 00:05 - 04622336 ____A C:\Users\Owner\Downloads\Ch 12 summer, 2012.ppt
    2013-06-29 11:23 - 2013-06-27 00:05 - 05758976 ____A C:\Users\Owner\Downloads\Ch 8, 9 rev summer 2011.ppt
    2013-06-27 00:05 - 2013-06-27 00:05 - 04653056 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011 (1).ppt
    2013-06-26 00:34 - 2013-06-26 00:34 - 04655616 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011.ppt
    2013-06-25 23:15 - 2013-06-25 23:15 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (2).ppt
    2013-06-23 21:11 - 2013-06-23 21:11 - 00309017 ____A C:\Users\Owner\Downloads\Study Guide 6-22-13.xlsx
    2013-06-23 20:24 - 2011-10-05 13:18 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Users\Owner\Documents\Quarantine
    2013-06-23 17:54 - 2013-06-23 17:54 - 00021235 ____A C:\ComboFix.txt
    2013-06-23 17:54 - 2013-06-23 15:40 - 00000000 ____D C:\Qoobox
    2013-06-23 17:54 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2013-06-23 17:50 - 2013-06-23 15:38 - 00000000 ____D C:\Windows\erdnt
    2013-06-23 17:49 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-06-23 17:02 - 2013-06-23 16:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-23 16:40 - 2013-06-23 16:40 - 00000000 ____D C:\Users\Owner\Downloads\MBAR
    2013-06-23 16:38 - 2013-06-23 16:38 - 13399154 ____A C:\Users\Owner\Downloads\mbar-1.06.0.1004.zip
    2013-06-23 16:30 - 2013-06-23 16:27 - 03757568 ____A C:\Users\Owner\Downloads\RogueKillerX64.exe
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-23 14:52 - 2013-06-23 14:52 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-06-23 14:25 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-06-23 14:25 - 2010-12-20 02:30 - 00000000 ____D C:\ProgramData\Norton
    2013-06-23 14:22 - 2013-06-23 14:22 - 00000604 ____A C:\Users\Public\Desktop\Shared Space.lnk
    2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
    2013-06-23 14:22 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo
    2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\Program Files\COMODO
    2013-06-23 12:05 - 2013-06-22 21:56 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
    2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
    2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-22 21:21 - 2011-10-24 13:30 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    2013-06-22 21:21 - 2011-10-24 13:30 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    2013-06-22 21:21 - 2011-09-30 21:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    2013-06-22 21:21 - 2011-09-30 21:20 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files\TOSHIBA
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
    2013-06-22 21:12 - 2013-05-31 13:48 - 00000000 ____D C:\Windows\Minidump
    2013-06-22 21:12 - 2011-10-02 20:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2013-06-22 21:12 - 2010-08-08 19:00 - 00000000 ____D C:\Windows\Panther
    2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ____D C:\ProgramData\Skype
    2013-06-22 20:32 - 2010-08-08 18:59 - 00000000 ____D C:\ProgramData\Toshiba
    2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
    2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
    2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
    2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    2013-06-18 21:23 - 2013-06-17 18:05 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
    2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
    2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
    2013-06-09 22:47 - 2012-10-18 09:34 - 00000000 ____D C:\Users\Owner\Documents\Resume stuff
    2013-06-02 16:11 - 2011-06-20 15:49 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-06-12 17:41:54
    Restore point made on: 2013-06-18 21:36:33
    Restore point made on: 2013-06-19 07:09:00
    Restore point made on: 2013-06-22 19:57:25
    Restore point made on: 2013-06-22 20:23:30
    Restore point made on: 2013-06-22 20:24:41
    Restore point made on: 2013-06-22 20:26:04
    Restore point made on: 2013-06-22 20:27:02
    Restore point made on: 2013-06-22 20:28:25
    Restore point made on: 2013-06-22 20:29:37
    Restore point made on: 2013-06-22 20:30:19
    Restore point made on: 2013-06-22 20:33:23
    Restore point made on: 2013-06-22 20:42:49
    Restore point made on: 2013-06-22 20:51:09
    Restore point made on: 2013-06-22 21:04:48
    Restore point made on: 2013-06-22 21:17:27
    Restore point made on: 2013-06-22 21:28:14
    Restore point made on: 2013-06-22 22:04:07
    Restore point made on: 2013-06-23 14:00:04
    Restore point made on: 2013-06-23 14:21:17
    Restore point made on: 2013-06-23 16:38:33
    Restore point made on: 2013-06-23 17:34:51
    Restore point made on: 2013-06-23 18:11:33
    Restore point made on: 2013-06-23 20:21:40
    Restore point made on: 2013-06-29 12:40:35

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3894.69 MB
    Available physical RAM: 3331.03 MB
    Total Pagefile: 3892.84 MB
    Available Pagefile: 3311.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (TI105965W0D) (Fixed) (Total:454.96 GB) (Free:406.18 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    Drive g: () (Removable) (Total:3.74 GB) (Free:3.61 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C8EEC860)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

    ========================================================
    Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


    LastRegBack: 2013-03-16 07:40

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    First of all you didn't follow my previous request:
    Then you didn't follow my rules by playing with uninstalling Comodo and installing MSE.
    One of my rules says:
    That means wasting my time.
    We need to make your computer bootable, re-run some scans etc.

    If it happens again I'll close this topic.

    ==============================================

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    See if you can boot normally.
     


  11. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Still with me?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

