Inactive-A Requesting help, Similar to DamianN7's Issue

Current Issues are minimal/non-existent (y) I just gained access to said computer that was infected. Thank you for your patience, I will begin running the Adware Cleaner, Junk Removal tool and OTL. I'm looking forward to maximizing this computer's performance. Thank you yet again, Broni
 
AdwCleaner Log

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 12:25:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN33612886651136735&UM=2&ctid=CT3287375 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111442&tt=290412_3_ppcb&babsrc=NT_ss&mntrId=5ef8e32400000000000064d4da1d5ec2 --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3915 octets] - [29/06/2013 12:25:40]

########## EOF - C:\AdwCleaner[S1].txt - [3975 octets] ##########
 
JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sat 06/29/2013 at 12:35:34.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3499E304-F149-4657-BD68-BAC403DB534E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/29/2013 at 12:52:02.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Log

OTL logfile created on: 6/29/2013 12:55:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 63.67% Memory free
7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.96 Gb Total Space | 402.29 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/29 12:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/08 22:09:59 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/07/11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/18 16:15:54 | 006,181,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/06/18 16:15:30 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/06/29 12:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/04/23 19:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/12/29 13:07:54 | 000,911,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/12/29 13:02:46 | 000,404,992 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/08 22:09:59 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/23 13:09:30 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/23 13:09:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 03:40:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 06:40:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/06/21 16:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/27 17:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 06:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 22:37:22 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/12/22 22:37:16 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/12/22 22:37:14 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{ED12DA08-0F2B-4CEA-B51B-6438B41F638A}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{94B8D5AA-BD2C-44E8-BDB1-6E70AF784874}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\..\SearchScopes\{24E655F6-6F10-4C93-A5FA-AC861ECD1526}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Simple Adblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpjglmaolmnjafhcnnghdokmblhhnj\1.0.6_0\
CHR - Extension: Simple Adblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.9_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/01/30 14:06:40 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe File not found
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe File not found
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" File not found
O4 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/29 12:35:31 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/29 12:34:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/23 19:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Quarantine
[2013/06/23 19:09:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/23 18:38:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/06/23 18:38:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/06/23 18:38:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/06/23 17:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/23 16:40:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/23 16:38:10 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/06/23 16:33:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/06/23 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/23 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/23 16:33:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/23 16:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/23 15:22:37 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/23 15:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/06/23 15:20:50 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013/06/23 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/06/23 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/06/23 15:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013/06/22 23:17:49 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnets.sys
[2013/06/22 23:17:48 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
[2013/06/22 23:17:48 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
[2013/06/22 23:17:48 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
[2013/06/22 23:17:48 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys
[2013/06/22 23:17:48 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys
[2013/06/22 23:17:48 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys
[2013/06/22 23:17:48 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.sys
[2013/06/22 23:17:09 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1404000.028
[2013/06/22 23:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/22 23:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/22 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2013/06/22 23:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/06/22 23:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/06/22 22:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/06/22 22:56:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/06/22 22:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/22 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/06/22 22:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2013/06/22 21:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/06/22 21:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/18 16:16:08 | 000,023,168 | ---- | C] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
[2013/06/18 16:15:50 | 000,043,216 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
[2013/06/18 16:15:48 | 000,437,688 | ---- | C] (COMODO) -- C:\windows\SysNative\guard64.dll
[2013/06/18 16:15:48 | 000,348,584 | ---- | C] (COMODO) -- C:\windows\SysWow64\guard32.dll
[2013/06/18 16:15:40 | 000,344,792 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdvrt64.dll
[2013/06/18 16:15:40 | 000,045,784 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdkbd64.dll
[2013/06/18 16:15:36 | 000,278,232 | ---- | C] (COMODO) -- C:\windows\SysWow64\cmdvrt32.dll
[2013/06/18 16:15:36 | 000,040,664 | ---- | C] (COMODO) -- C:\windows\SysWow64\cmdkbd32.dll
[2013/06/11 22:36:01 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/11 22:35:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/06/11 22:35:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/11 22:35:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/11 22:35:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/06/11 22:35:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/06/11 22:35:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/06/11 22:35:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/11 22:35:54 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/11 22:35:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/11 22:35:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/11 22:35:39 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/11 22:35:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/11 22:35:38 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/11 22:35:37 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/11 22:35:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/11 22:35:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/05/31 14:48:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/29 12:57:37 | 001,241,408 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
[2013/06/29 12:36:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 12:36:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 12:32:29 | 000,743,840 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/29 12:32:29 | 000,637,044 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/29 12:32:29 | 000,111,160 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/29 12:27:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/29 12:27:44 | 3062,906,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 15:22:13 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/06/23 13:03:53 | 002,268,932 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/06/22 22:21:52 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
[2013/06/22 22:21:52 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
[2013/06/22 22:21:52 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
[2013/06/22 22:21:52 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
[2013/06/18 22:26:48 | 000,001,091 | ---- | M] () -- C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
[2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
[2013/06/18 16:15:50 | 000,043,216 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
[2013/06/18 16:15:48 | 000,437,688 | ---- | M] (COMODO) -- C:\windows\SysNative\guard64.dll
[2013/06/18 16:15:48 | 000,348,584 | ---- | M] (COMODO) -- C:\windows\SysWow64\guard32.dll
[2013/06/18 16:15:40 | 000,344,792 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdvrt64.dll
[2013/06/18 16:15:40 | 000,045,784 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdkbd64.dll
[2013/06/18 16:15:36 | 000,278,232 | ---- | M] (COMODO) -- C:\windows\SysWow64\cmdvrt32.dll
[2013/06/18 16:15:36 | 000,040,664 | ---- | M] (COMODO) -- C:\windows\SysWow64\cmdkbd32.dll
[2013/06/03 23:34:29 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/23 18:38:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/23 18:38:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/23 18:38:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/23 18:38:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/23 18:38:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/06/23 15:22:13 | 000,000,604 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/06/23 15:22:07 | 001,241,408 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
[2013/06/23 13:03:13 | 002,268,932 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/06/22 23:24:04 | 000,014,818 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013/06/22 23:17:49 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam64.cat
[2013/06/22 23:17:49 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet64.cat
[2013/06/22 23:17:49 | 000,001,440 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet.inf
[2013/06/22 23:17:48 | 000,007,667 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.cat
[2013/06/22 23:17:48 | 000,007,593 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.cat
[2013/06/22 23:17:48 | 000,007,589 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.cat
[2013/06/22 23:17:48 | 000,007,587 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
[2013/06/22 23:17:48 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
[2013/06/22 23:17:48 | 000,002,852 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds.inf
[2013/06/22 23:17:48 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf
[2013/06/22 23:17:48 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.inf
[2013/06/22 23:17:48 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.inf
[2013/06/22 23:17:48 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.inf
[2013/06/22 23:17:48 | 000,000,767 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.inf
[2013/06/22 23:17:09 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
[2013/06/22 23:17:09 | 000,008,063 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
[2013/06/22 23:17:09 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013/06/18 22:26:48 | 000,001,091 | ---- | C] () -- C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
[2012/03/15 19:13:15 | 000,000,001 | ---- | C] () -- C:\Users\Owner\random.dat
[2012/03/15 19:13:14 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2011/10/10 18:48:14 | 000,174,467 | ---- | C] () -- C:\windows\hpoins43.dat
[2011/10/10 18:48:14 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl43.dat
[2011/10/09 21:13:56 | 000,173,083 | ---- | C] () -- C:\windows\hpoins46.dat
[2011/10/09 21:13:56 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl46.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
Extra OTL Log

OTL Extras logfile created on: 6/29/2013 12:55:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 63.67% Memory free
7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.96 Gb Total Space | 402.29 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DD8048-D1E2-48A7-9564-00E8E0D47002}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D682B8C-F488-4A43-8D85-0305F66FF220}" = rport=445 | protocol=6 | dir=out | app=system |
"{1836447E-4A88-44BA-A4C7-450153E8B371}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18F4AD76-D568-42D8-BD1D-90443598C507}" = lport=445 | protocol=6 | dir=in | app=system |
"{1EF09F45-1B93-4E25-8C15-12F7E41FB5B2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2209DB87-2429-4937-BF8B-2824A757B872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A096B77-4F0D-4545-A350-2FB2E6E59B0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B5CF9D9-2233-41EF-9946-CF0737513BA7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{2BAB1CE5-7C07-4B3B-A5F7-90C8996FB785}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{350A6DFA-13AE-4365-A05F-812E853D6177}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{363ECE32-8DA1-46E3-9BBE-CFB30B2D66A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{484CC8D6-E570-442F-8BE4-38EF5FF195F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53C33BF3-8075-43C2-BCAD-42C496744099}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6570CAEA-0C93-413F-9A3C-088C2A365B2C}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{659B8685-B823-4EAE-91D9-BF70DEE1764E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6745AF69-263B-4E7C-ABB7-0761E4029664}" = lport=137 | protocol=17 | dir=in | app=system |
"{6D97789C-9230-4225-8EA5-31EF0C32ACB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{713ADA80-8CAB-47EE-8CE7-5862A7E2153F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73771BEA-67AF-49D1-9B61-56275B379699}" = rport=137 | protocol=17 | dir=out | app=system |
"{74814AD5-EEAA-4A30-BA39-A552D13803C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{782E1B97-98BB-4E7E-A96B-8DEE4B20B06A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8137A4EB-36EC-4FCF-AF31-2511400B8980}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F5A37CE-0A57-42DB-ACF0-544B68B1F2A7}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{A1653706-5BC3-4346-AC39-753C220C29E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A72F13C6-C5BC-4280-BBD3-B5D70E5EB7CC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{AE579F39-6A66-4D7D-AC51-A09773FDD7FE}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{B704E801-1BBF-4490-81AB-56D812A3B5D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{B980D99B-5A0F-4E7F-A293-5C4ADA79B867}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCFFEE03-05A4-4663-9D60-8DBB1CA8295C}" = lport=138 | protocol=17 | dir=in | app=system |
"{D785F6E3-BFEF-489B-8D02-E590DEFB9521}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4562BFF-85C5-432D-A176-55220DE223CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0E6C6-073E-4A5D-8F49-85C037B940DC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{038E97E8-845C-40C9-980B-78DAA3561ACB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05D84246-D23C-4A04-9499-99C434BB86B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EDAC2AD-82AE-4F60-BA0E-786DAA497C10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0FEDE75B-F271-4BE1-91EB-463895539FDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1F94C142-FE2D-4DA0-AB96-1AB4CB114D12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30F1AF2B-F1C9-4646-9074-24E9064DD30C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34DC553F-BC34-4462-8386-346D41AAC302}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E21E1DE-6987-4A1B-90EB-A2697A96620F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{4199F250-E51D-4A02-A8CD-0FF7504319FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42E1855A-2DDE-44C3-8E9A-C2EA87B8919B}" = protocol=6 | dir=out | app=system |
"{44EF2E7C-7156-4E2F-B563-C8EAAF05C64A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49087FF4-06CE-42AD-8BEF-72F11C9E07AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A92E019-1720-4FAB-8933-AAE2298EDD76}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{5DD1D03F-6E0B-4878-A519-0F9D5E1F8C8A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F266F37-07A1-4615-BDBA-08A5FF2B24DB}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{64E3F6F3-BC42-4182-A50D-35A678D1F5F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{78C7071F-BA10-4575-ACEF-69399C415B4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79D4A8F6-E2FE-4489-9BB8-29AFD0ABC6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7AD288B8-729F-438B-B356-7AED45355D1E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{7CF768E5-5F0A-4F73-9FD0-AA3E960AFBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{81257492-1A11-4233-8588-4370A2C9D9FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8826D617-007C-4D5E-A67B-A159D754D4B1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{8E5029DB-D83D-4CC4-93CF-C5212F7B873A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8E6D47C5-0E8C-4040-BC72-9DF3BEEFAB60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8F1662BB-8DAF-4E80-9C8D-DA744444A03D}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{924790EE-0523-4FAE-9B40-EC8D9E883A9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{99F2F0F9-2583-4869-AAC8-277BC7FA8FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{9A19B40F-6F53-4C93-9DCC-EE1A25E43A83}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{9CA05C79-CE5D-4134-9964-80047CD53538}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A644DB12-B637-4C2D-BD8F-71557E29AB90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE34F614-23C0-41D5-B9E0-4DB7DA18B122}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{B2774167-C15F-4C3E-8569-3081C78A02E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B754ADD3-826E-4EAE-9C6E-8655B34754CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B84C3C3A-44F9-4F76-AD18-9379BDF95B3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEECA9AB-83F7-4182-B826-F8A4AA15F829}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D4FCF5CA-D30D-421E-9025-B37321A12052}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D5A31EFF-CBF6-4FF9-9681-85553CC84E04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D99597C4-89EA-4821-98A0-745F5A9877EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DBDAD4F9-87AB-409E-8CFA-E22E48DBAA50}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E249824C-ACA1-4EB6-AD32-619083A5B380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F28AC27D-97DE-4924-AD5F-A447A58C2435}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FB27E1E4-CE40-4091-98A2-2535D6D74EB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB4FDBED-49F2-4F3B-92B3-294B5EAE2943}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{FD037B5E-B744-4317-8841-21E8EFC76540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{A91E003B-02B7-4E4F-BA72-FFE86B962691}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{D25290C4-997A-49D6-AFF4-BA12F9BBABFC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{85B2FB74-1BCE-4345-81EA-1A2A60A5D3FE}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{D6FA1198-A723-40C3-A04D-728DEC070D49}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A536367E-C40C-4483-8F9B-19DEB881B205}" = TOSHIBA Hardware Setup
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1233418114-2423251252-4259381913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1233418114-2423251252-4259381913-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

< End of report >
 
Back to square one; after attempting to remove Comodo and installing Microsoft Security Essentials based on personal preferences, the uninstall required a reboot - after shutting down, the system is now unable to restart. I've attempted to run in Safe Mode, Normal Windows mode, Repair Mode, or a System Restore with no luck.
 
I've also tried to run the FRST64.exe off of the flash drive with no luck; midway through the scan the computer will shut down abruptly.
 
FRST64 Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by SYSTEM on 29-06-2013 14:17:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-10] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [415256 2010-08-10] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1445888 2010-01-27] (Intel® Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]
HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\UpdatusUser\...\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [] [x]
HKU\UpdatusUser\...\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" [97280 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [111720 2010-07-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [100968 2010-07-12] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
S2 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3386840 2012-01-08] (Webroot Software, Inc. )
S3 TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56408 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
S0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
S4 cmdGuard; system32\DRIVERS\cmdguard.sys [x]
S4 cmdHlp; System32\DRIVERS\cmdhlp.sys [x]
S3 L1C; system32\DRIVERS\L1C62x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 12:38 - 2013-06-29 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-29 12:33 - 2013-06-29 12:33 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2013-06-29 12:05 - 2013-06-29 12:05 - 00095488 ____A C:\Users\Owner\Downloads\OTL.Txt
2013-06-29 12:05 - 2013-06-29 12:05 - 00060356 ____A C:\Users\Owner\Downloads\Extras.Txt
2013-06-29 11:53 - 2013-06-29 11:54 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-06-29 11:35 - 2013-06-29 11:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 11:34 - 2013-06-29 11:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Owner\Downloads\JRT.exe
2013-06-29 11:34 - 2013-06-29 11:34 - 00000000 ____D C:\JRT
2013-06-29 11:25 - 2013-06-29 11:26 - 00004040 ____A C:\AdwCleaner[S1].txt
2013-06-29 11:25 - 2013-06-29 11:25 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
2013-06-27 00:05 - 2013-06-29 11:24 - 04622336 ____A C:\Users\Owner\Downloads\Ch 12 summer, 2012.ppt
2013-06-27 00:05 - 2013-06-29 11:23 - 05758976 ____A C:\Users\Owner\Downloads\Ch 8, 9 rev summer 2011.ppt
2013-06-27 00:05 - 2013-06-27 00:05 - 04653056 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011 (1).ppt
2013-06-26 00:34 - 2013-06-26 00:34 - 04655616 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011.ppt
2013-06-25 23:15 - 2013-06-25 23:15 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (2).ppt
2013-06-23 21:11 - 2013-06-23 21:11 - 00309017 ____A C:\Users\Owner\Downloads\Study Guide 6-22-13.xlsx
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Users\Owner\Documents\Quarantine
2013-06-23 17:54 - 2013-06-23 17:54 - 00021235 ____A C:\ComboFix.txt
2013-06-23 17:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 17:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 17:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 17:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 17:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 17:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 17:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 17:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 16:42 - 2013-06-23 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-23 16:40 - 2013-06-23 16:40 - 00000000 ____D C:\Users\Owner\Downloads\MBAR
2013-06-23 16:38 - 2013-06-23 16:38 - 13399154 ____A C:\Users\Owner\Downloads\mbar-1.06.0.1004.zip
2013-06-23 16:27 - 2013-06-23 16:30 - 03757568 ____A C:\Users\Owner\Downloads\RogueKillerX64.exe
2013-06-23 15:40 - 2013-06-23 17:54 - 00000000 ____D C:\Qoobox
2013-06-23 15:38 - 2013-06-23 17:50 - 00000000 ____D C:\Windows\erdnt
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-23 15:33 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-23 14:52 - 2013-06-23 14:52 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-23 14:22 - 2013-06-29 12:43 - 01241408 ____A C:\Windows\System32\Drivers\sfi.dat
2013-06-23 14:22 - 2013-06-23 14:22 - 00000604 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
2013-06-23 14:20 - 2013-06-23 14:22 - 00000000 ____D C:\ProgramData\Comodo
2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\Program Files\COMODO
2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-06-22 21:58 - 2013-06-23 14:25 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-22 21:56 - 2013-06-23 12:05 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 21:21 - 2013-06-29 12:46 - 00192464 ____A C:\Windows\PFRO.log
2013-06-22 21:21 - 2013-06-29 11:28 - 00000448 ____A C:\Windows\setupact.log
2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
2013-06-17 18:05 - 2013-06-18 21:23 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
2013-06-11 21:36 - 2013-05-16 22:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 21:36 - 2013-05-16 22:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 21:36 - 2013-05-16 22:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 21:36 - 2013-05-16 22:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 21:36 - 2013-05-16 22:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 21:36 - 2013-05-16 10:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-11 21:36 - 2013-05-16 10:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-11 21:36 - 2013-05-16 10:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 21:36 - 2013-05-16 10:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-11 21:36 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:35 - 2013-05-16 22:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-11 21:35 - 2013-05-16 22:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-11 21:35 - 2013-05-16 22:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 21:35 - 2013-05-16 22:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 21:35 - 2013-05-16 22:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 21:35 - 2013-05-16 10:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 21:35 - 2013-05-16 10:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-11 21:35 - 2013-05-16 10:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-11 21:35 - 2013-05-16 10:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-11 21:35 - 2013-05-16 10:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-11 21:35 - 2013-05-16 10:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 21:35 - 2013-05-16 09:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 21:35 - 2013-05-16 08:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 21:35 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:35 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:35 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:35 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:35 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:35 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 21:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 21:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 21:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-05-31 13:48 - 2013-06-22 21:12 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-06-29 12:46 - 2013-06-22 21:21 - 00192464 ____A C:\Windows\PFRO.log
2013-06-29 12:43 - 2013-06-23 14:22 - 01241408 ____A C:\Windows\System32\Drivers\sfi.dat
2013-06-29 12:42 - 2010-12-20 02:04 - 01581680 ____A C:\Windows\WindowsUpdate.log
2013-06-29 12:38 - 2013-06-29 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-29 12:38 - 2013-06-29 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-29 12:33 - 2013-06-29 12:33 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2013-06-29 12:05 - 2013-06-29 12:05 - 00095488 ____A C:\Users\Owner\Downloads\OTL.Txt
2013-06-29 12:05 - 2013-06-29 12:05 - 00060356 ____A C:\Users\Owner\Downloads\Extras.Txt
2013-06-29 11:54 - 2013-06-29 11:53 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-06-29 11:36 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 11:36 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 11:35 - 2013-06-29 11:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 11:34 - 2013-06-29 11:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Owner\Downloads\JRT.exe
2013-06-29 11:34 - 2013-06-29 11:34 - 00000000 ____D C:\JRT
2013-06-29 11:32 - 2009-07-13 21:13 - 00743840 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-29 11:28 - 2013-06-22 21:21 - 00000448 ____A C:\Windows\setupact.log
2013-06-29 11:28 - 2011-06-20 16:06 - 00000000 ____D C:\ProgramData\Webroot
2013-06-29 11:28 - 2010-12-20 02:18 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2013-06-29 11:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 11:26 - 2013-06-29 11:25 - 00004040 ____A C:\AdwCleaner[S1].txt
2013-06-29 11:25 - 2013-06-29 11:25 - 00648201 ____A C:\Users\Owner\Downloads\adwcleaner.exe
2013-06-29 11:24 - 2013-06-27 00:05 - 04622336 ____A C:\Users\Owner\Downloads\Ch 12 summer, 2012.ppt
2013-06-29 11:23 - 2013-06-27 00:05 - 05758976 ____A C:\Users\Owner\Downloads\Ch 8, 9 rev summer 2011.ppt
2013-06-27 00:05 - 2013-06-27 00:05 - 04653056 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011 (1).ppt
2013-06-26 00:34 - 2013-06-26 00:34 - 04655616 ____A C:\Users\Owner\Downloads\Ch 5 summer 2011.ppt
2013-06-25 23:15 - 2013-06-25 23:15 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (2).ppt
2013-06-23 21:11 - 2013-06-23 21:11 - 00309017 ____A C:\Users\Owner\Downloads\Study Guide 6-22-13.xlsx
2013-06-23 20:24 - 2011-10-05 13:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-23 18:09 - 2013-06-23 18:09 - 00000000 ____D C:\Users\Owner\Documents\Quarantine
2013-06-23 17:54 - 2013-06-23 17:54 - 00021235 ____A C:\ComboFix.txt
2013-06-23 17:54 - 2013-06-23 15:40 - 00000000 ____D C:\Qoobox
2013-06-23 17:54 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-06-23 17:50 - 2013-06-23 15:38 - 00000000 ____D C:\Windows\erdnt
2013-06-23 17:49 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-06-23 17:02 - 2013-06-23 16:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-23 16:40 - 2013-06-23 16:40 - 00000000 ____D C:\Users\Owner\Downloads\MBAR
2013-06-23 16:38 - 2013-06-23 16:38 - 13399154 ____A C:\Users\Owner\Downloads\mbar-1.06.0.1004.zip
2013-06-23 16:30 - 2013-06-23 16:27 - 03757568 ____A C:\Users\Owner\Downloads\RogueKillerX64.exe
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-23 15:33 - 2013-06-23 15:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-23 14:52 - 2013-06-23 14:52 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-23 14:25 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-23 14:25 - 2010-12-20 02:30 - 00000000 ____D C:\ProgramData\Norton
2013-06-23 14:22 - 2013-06-23 14:22 - 00000604 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
2013-06-23 14:22 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo
2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-06-23 14:20 - 2013-06-23 14:20 - 00000000 ____D C:\Program Files\COMODO
2013-06-23 12:05 - 2013-06-22 21:56 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
2013-06-22 21:21 - 2011-10-24 13:30 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
2013-06-22 21:21 - 2011-10-24 13:30 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
2013-06-22 21:21 - 2011-09-30 21:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
2013-06-22 21:21 - 2011-09-30 21:20 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files\TOSHIBA
2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-06-22 21:12 - 2013-05-31 13:48 - 00000000 ____D C:\Windows\Minidump
2013-06-22 21:12 - 2011-10-02 20:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-06-22 21:12 - 2010-08-08 19:00 - 00000000 ____D C:\Windows\Panther
2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ____D C:\ProgramData\Skype
2013-06-22 20:32 - 2010-08-08 18:59 - 00000000 ____D C:\ProgramData\Toshiba
2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
2013-06-18 21:23 - 2013-06-17 18:05 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
2013-06-09 22:47 - 2012-10-18 09:34 - 00000000 ____D C:\Users\Owner\Documents\Resume stuff
2013-06-02 16:11 - 2011-06-20 15:49 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-12 17:41:54
Restore point made on: 2013-06-18 21:36:33
Restore point made on: 2013-06-19 07:09:00
Restore point made on: 2013-06-22 19:57:25
Restore point made on: 2013-06-22 20:23:30
Restore point made on: 2013-06-22 20:24:41
Restore point made on: 2013-06-22 20:26:04
Restore point made on: 2013-06-22 20:27:02
Restore point made on: 2013-06-22 20:28:25
Restore point made on: 2013-06-22 20:29:37
Restore point made on: 2013-06-22 20:30:19
Restore point made on: 2013-06-22 20:33:23
Restore point made on: 2013-06-22 20:42:49
Restore point made on: 2013-06-22 20:51:09
Restore point made on: 2013-06-22 21:04:48
Restore point made on: 2013-06-22 21:17:27
Restore point made on: 2013-06-22 21:28:14
Restore point made on: 2013-06-22 22:04:07
Restore point made on: 2013-06-23 14:00:04
Restore point made on: 2013-06-23 14:21:17
Restore point made on: 2013-06-23 16:38:33
Restore point made on: 2013-06-23 17:34:51
Restore point made on: 2013-06-23 18:11:33
Restore point made on: 2013-06-23 20:21:40
Restore point made on: 2013-06-29 12:40:35

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3894.69 MB
Available physical RAM: 3331.03 MB
Total Pagefile: 3892.84 MB
Available Pagefile: 3311.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105965W0D) (Fixed) (Total:454.96 GB) (Free:406.18 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.74 GB) (Free:3.61 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C8EEC860)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-03-16 07:40

==================== End Of Log ============================
 
First of all you didn't follow my previous request:
You installed Comodo but you also have Webroot antivirus installed.
You must uninstall one of them.

Then you didn't follow my rules by playing with uninstalling Comodo and installing MSE.
One of my rules says:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

That means wasting my time.
We need to make your computer bootable, re-run some scans etc.

If it happens again I'll close this topic.

==============================================

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

See if you can boot normally.
 

Attachment: fixlist.txt (29 bytes)

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 