TechSpot

SCVHost.exe Trojan :/

Solved
By Amaze
Nov 26, 2012
  1. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : MYERS [Admin rights]
    Mode : Remove -- Date : 11/27/2012 06:33:10
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][NOTFOUND] HKCU\[...]\Run : Diagnostics (rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW) -> DELETED
    [RUN][NOTFOUND] HKUS\S-1-5-21-1447072285-3693872449-3215407428-1000_Classes[...]\Run : Diagnostics (rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\82988245 (C:\windows\system32\drivers\20673455.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\82988245 (C:\windows\system32\drivers\20673455.sys) -> DELETED
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts
    127.0.0.1 secure.tune-up.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3275GSX SATA Disk Device +++++
    --- User ---
    [MBR] f15bde6cfeb2a07fac1798f7125cda38
    [BSP] e4b67e3f6960bb73f78a032d786d7473 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289710 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596400128 | Size: 14034 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11272012_02d0633.txt >>
    RKreport[1]_S_11272012_02d0631.txt ; RKreport[2]_D_11272012_02d0633.txt
     
  2. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-27 06:36:02
    -----------------------------
    06:36:02.124 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:36:02.124 Number of processors: 2 586 0x200
    06:36:02.124 ComputerName: MYERS-PC UserName: MYERS
    06:36:04.667 Initialize success
    06:37:14.286 AVAST engine defs: 12112700
    06:38:20.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    06:38:20.352 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
    06:38:20.367 Disk 0 MBR read successfully
    06:38:20.383 Disk 0 MBR scan
    06:38:20.398 Disk 0 Windows VISTA default MBR code
    06:38:20.414 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    06:38:20.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
    06:38:20.492 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
    06:38:20.570 Disk 0 scanning C:\windows\system32\drivers
    06:38:45.811 Service scanning
    06:39:42.423 Modules scanning
    06:39:42.439 Disk 0 trace - called modules:
    06:39:42.501 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    06:39:43.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fe45d0]
    06:39:43.047 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8002eb8040]
    06:39:43.063 5 amd_xata.sys[fffff880011098b4] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8002eb2060]
    06:39:45.013 AVAST engine scan C:\windows
    06:39:51.425 AVAST engine scan C:\windows\system32
    06:48:08.584 AVAST engine scan C:\windows\system32\drivers
    06:48:30.034 AVAST engine scan C:\Users\MYERS
    06:48:59.939 Disk 0 MBR has been saved successfully to "C:\Users\MYERS\Desktop\MBR.dat"
    06:48:59.954 The log file has been saved successfully to "C:\Users\MYERS\Desktop\aswMBR.txt"
     
  3. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
     
  4. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-27 06:49:51
    -----------------------------
    06:49:51.514 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:49:51.514 Number of processors: 2 586 0x200
    06:49:51.514 ComputerName: MYERS-PC UserName: MYERS
    06:49:53.558 Initialize success
    06:50:13.635 AVAST engine defs: 12112700
    06:50:20.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    06:50:20.015 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
    06:50:20.062 Disk 0 MBR read successfully
    06:50:20.078 Disk 0 MBR scan
    06:50:20.093 Disk 0 Windows VISTA default MBR code
    06:50:20.109 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    06:50:20.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
    06:50:20.218 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
    06:50:20.312 Disk 0 scanning C:\windows\system32\drivers
    06:50:39.703 Service scanning
    06:51:36.895 Modules scanning
    06:51:36.895 Disk 0 trace - called modules:
    06:51:36.941 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    06:51:36.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fe45d0]
    06:51:36.957 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8002eb8040]
    06:51:36.957 5 amd_xata.sys[fffff880011098b4] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8002eb2060]
    06:51:38.907 AVAST engine scan C:\
    07:18:12.699 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-MJ@mbr [Rtk]
    07:18:13.386 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0003.dta **INFECTED** Win32:Malware-gen
    07:18:13.635 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0004.dta **INFECTED** Win32:Rootkit-gen [Rtk]
    07:18:13.760 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0005.dta **INFECTED** MBR:pihar-D [Rtk]
    07:18:13.947 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0009.dta **INFECTED** Win32:Rootkit-gen [Rtk]
    07:18:14.057 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0010.dta **INFECTED** Win64:Alureon-B@mbr [Rtk]
    07:24:40.984 Disk 0 MBR has been saved successfully to "C:\Users\MYERS\Documents\MBR.dat"
    07:24:40.984 The log file has been saved successfully to "C:\Users\MYERS\Documents\aswMBR.txt"
     
  5. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    Please read my previous reply.
     
  6. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Sorry was distracted.... again thank you for the help, it is greatly appreciated....

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.26.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MYERS :: MYERS-PC [administrator]
    Protection: Enabled
    11/27/2012 12:53:07 PM
    mbam-log-2012-11-27 (12-53-07).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 503383
    Time elapsed: 6 hour(s), 1 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 2
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    Files Detected: 5
    C:\Users\MYERS\Downloads\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen\Keygen\Keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\MYERS\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\MYERS\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    (end)
     
  7. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Ok will do....
    do you think the rootkits are all gone?> still getting signs of them being present as internet is horrible, navigating through windows explorer is sluggish, and I just recently recieved a error after attempting to open tak manager saying that something is preventing winlogon.exe from opening..... and for some reason my keyboard is completly ****** up as it does thing completely random while typeing like going back pages and moving my cursor to type in a new place which turn this simple paragraph into a 10 minute ordeal lol
     
  9. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    We're in the middle of the process...
     
  10. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Ah ok.... will do then....

    the infected pc is on stage four right now,

    im typing from my good pc...

    about to run some of the programs on in to make sure it good too lol...
     
  11. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    What does it mean when aswMBR shows my services as locked?
     
     
  12. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Ok the log from the infected pc....

    ComboFix 12-11-27.01 - MYERS 11/27/2012 19:58:25.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1781 [GMT -5:00]
    Running from: c:\users\MYERS\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\alotappbar
    c:\program files (x86)\alotappbar\alotUninst.exe
    c:\program files (x86)\alotappbar\bin\alotappbar.dll
    c:\program files (x86)\alotappbar\bin\alothelper.dll
    c:\program files (x86)\alotappbar\bin\ALOTSettings.exe
    c:\program files (x86)\alotappbar\bin\alotwidgets.exe
    c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
    c:\users\MYERS\AppData\Local\Savings Sidekick
    c:\windows\SysWow64\Cache
    c:\windows\SysWow64\Cache\272512937d9e61a4.fb
    c:\windows\SysWow64\Cache\287204568329e189.fb
    c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
    c:\windows\SysWow64\Cache\2bf7ef1736689fb0.fb
    c:\windows\SysWow64\Cache\2c53092c95605355.fb
    c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
    c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
    c:\windows\SysWow64\Cache\3917078cb68ec657.fb
    c:\windows\SysWow64\Cache\585a8f12f39e4c52.fb
    c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
    c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
    c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
    c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
    c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
    c:\windows\SysWow64\Cache\c1fa887b03019701.fb
    c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
    c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
    c:\windows\SysWow64\Cache\d2e94710a5708128.fb
    c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
    c:\windows\SysWow64\Cache\efe6e44c509b5c0b.fb
    c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-28 01:19 . 2012-11-28 01:19 -------- d-----w- c:\users\home\AppData\Local\temp
    2012-11-28 01:19 . 2012-11-28 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-27 08:04 . 2012-11-27 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-11-27 04:05 . 2012-11-27 04:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
    2012-11-27 04:00 . 2012-11-27 04:00 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-27 00:21 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-27 00:21 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-11-27 00:21 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-11-27 00:21 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-11-27 00:21 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-11-27 00:21 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-27 00:21 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-27 00:20 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-27 00:20 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-27 00:20 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-27 00:20 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-27 00:20 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-27 00:20 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-11-27 00:20 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-11-27 00:20 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2012-11-27 00:20 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-27 00:20 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-27 00:20 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-11-27 00:20 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-25 20:02 . 2012-11-25 20:02 -------- d-----w- c:\users\MYERS\AppData\Roaming\Malwarebytes
    2012-11-25 20:01 . 2012-11-25 20:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-25 20:01 . 2012-11-27 00:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-25 20:01 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-25 19:15 . 2011-11-03 01:29 34624 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-11-25 19:15 . 2011-11-03 01:29 25920 ----a-w- c:\windows\system32\authuitu.dll
    2012-11-25 19:15 . 2011-11-03 01:29 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
    2012-11-25 19:13 . 2012-11-27 01:16 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
    2012-11-25 19:12 . 2012-11-25 19:15 -------- d-----w- c:\programdata\TuneUp Software
    2012-11-25 19:12 . 2012-11-25 19:12 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-11-25 18:23 . 2012-11-25 18:23 -------- d-----w- c:\programdata\Sunbelt
    2012-11-25 18:23 . 2012-11-25 18:23 -------- d-----w- c:\users\MYERS\AppData\Roaming\Sunbelt
    2012-11-25 18:20 . 2010-07-27 09:48 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-11-25 18:20 . 2010-07-27 09:48 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-11-25 18:19 . 2010-04-15 23:35 84056 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-11-25 18:19 . 2010-07-27 09:48 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-11-25 18:19 . 2010-08-20 14:18 27472 ----a-w- c:\windows\system32\sbbd.exe
    2012-11-25 18:19 . 2010-03-22 17:11 49752 ----a-w- c:\windows\system32\drivers\sbredrv.sys
    2012-11-25 18:19 . 2012-11-25 18:19 -------- d-----w- c:\program files (x86)\Sunbelt Software
    2012-11-25 17:57 . 2012-11-25 17:57 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-11-25 17:31 . 2012-11-25 17:31 -------- d-----w- c:\program files\7-Zip
    2012-11-25 17:18 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CBB6167-C739-41C2-B559-AFC12611D54B}\mpengine.dll
    2012-11-25 17:03 . 2012-11-28 01:18 -------- d-----w- c:\program files\PrivacySafeGuard
    2012-11-25 17:02 . 2012-11-25 17:02 -------- d-----w- c:\program files (x86)\BitTorrent
    2012-11-25 17:01 . 2012-11-26 03:56 -------- d-----w- c:\users\MYERS\AppData\Roaming\BitTorrent
    2012-11-25 16:49 . 2012-11-25 16:49 -------- d-----w- c:\users\home\AppData\Roaming\BitTorrent
    2012-11-18 07:30 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-18 07:30 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-18 07:30 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-18 07:30 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-18 07:17 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-18 07:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-18 07:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-18 07:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-18 07:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-18 07:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-18 07:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-17 07:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-01 22:16 . 2012-11-01 22:16 -------- d-----w- c:\program files (x86)\MapsGalaxy_39
    2012-10-30 07:40 . 2012-10-30 07:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-18 07:12 . 2012-07-05 01:20 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-15 21:41 . 2012-05-30 14:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-15 21:41 . 2011-10-31 03:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 19:19 . 2012-10-10 03:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 03:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-12 01:10 . 2012-09-12 01:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-12 01:10 . 2011-10-31 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 18:19 . 2012-10-10 03:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 03:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 03:47 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 03:47 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Task Manager"="c:\windows\System32\taskmgr.exe" [2010-11-21 227328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2010-04-15 84056]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-07-27 60504]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-07-27 253528]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-08-15 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2010-04-15 84056]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 21:41]
    .
    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:24]
    .
    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=E550D01001CD30A80016C36D&src_id=30659&camp_id=4046&tb_version=1.1.3001.0(B)
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{1e91a655-bb4b-4693-a05e-2edebc4c9d89} - (no file)
    BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    BHO-{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll
    Toolbar-Locked - (no file)
    Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-26128049.sys
    SafeBoot-82988245.sys
    Toolbar-Locked - (no file)
    WebBrowser-{09152F0B-739C-4DEC-A245-1AA8A37594F1} - (no file)
    AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-27 20:27:44
    ComboFix-quarantined-files.txt 2012-11-28 01:27
    .
    Pre-Run: 249,013,411,840 bytes free
    Post-Run: 255,481,634,816 bytes free
    .
    - - End Of File - - 8D10C55C13430E2DBECE93782C3A3596
     
  13. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    Nothing to worry about.

    Combofix log looks good.

    How is computer doing now?

    ================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Its quite an improvment, though things are still a bit twitchy and sluggish.
    I havent had enough time on it too be able to really give a yay or nay, though I definately will be able to tell within 24 hrs time.....

    I will run the programs suggested and give a full report tommorrow after I get home from work....

    thank you for helping me with this and I do my best to do the same, pay it forward if you will; as im trying to pursure some type of IT position and schooling right now.
    I will also continue to scan over the next few days and make sure nothing survived the "tech attack" and continue fire for effect if anything remains. guess thats the little bit of my 11B showing lol
     
  15. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    When describing any current issues be more specific.
     
  16. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    Sorry cant do anything with pc tonight- hands tied....

    Will post results tommorrow
     
  17. Broni

    Broni Malware Annihilator Posts: 47,623   +267

  18. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    # AdwCleaner v2.009 - Logfile created 11/30/2012 at 14:01:16
    # Updated 24/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : MYERS - MYERS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\MYERS\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\home\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\MYERS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
    Folder Deleted : C:\Users\MYERS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Folder Deleted : C:\Users\MYERS\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\MYERS\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\MYERS\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\MYERS\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\MYERS\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\MYERS\AppData\Roaming\Babylon
    Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Babylon
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3197087
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Software
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\MYERS\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.35] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Deleted [l.38] : keyword = "isearch.avg.com",
    Deleted [l.41] : search_url = "hxxps://isearch.avg.com/search?cid={ACB5C7F1-9D30-4F15-BF41-8CCEB17730F6}&mid=4[...]

    *************************

    AdwCleaner[S1].txt - [5500 octets] - [30/11/2012 14:01:16]

    ########## EOF - C:\AdwCleaner[S1].txt - [5560 octets] ##########
     
  19. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    OTL is taking a while to scan idk if its even doing anything
     
  20. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    OTL logfile created on: 11/30/2012 2:40:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MYERS\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 59.80% Memory free
    5.20 Gb Paging File | 3.90 Gb Available in Paging File | 74.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.92 Gb Total Space | 246.98 Gb Free Space | 87.30% Space Free | Partition Type: NTFS

    Computer Name: MYERS-PC | User Name: MYERS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/30 14:33:02 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    PRC - [2012/11/27 23:18:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MYERS\Desktop\OTL.exe
    PRC - [2012/11/20 01:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/15 17:56:48 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    PRC - [2010/08/20 09:33:18 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/30 14:33:01 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    MOD - [2012/11/20 01:17:34 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2011/06/08 00:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/30 14:33:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/20 01:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/08/15 17:56:48 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/11/02 20:29:20 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/08 01:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/08 00:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/07/27 04:48:30 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2010/07/27 04:48:30 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2010/07/27 04:48:28 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
    DRV:64bit: - [2010/06/14 14:54:30 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2010/04/15 18:35:00 | 000,084,056 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2010/04/15 18:35:00 | 000,084,056 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/10/31 15:00:20 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{BC799DF3-0888-4BFD-961C-FC10CE43470D}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{BC799DF3-0888-4BFD-961C-FC10CE43470D}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...a8705aa70eb&lang=en&ds=AVG&pr=pr&d=2012-05-12 23:37:04&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...d=30659&camp_id=4046&tb_version=1.1.3001.0(B)
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2%7D:0.8
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012/11/25 22:55:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/30 14:14:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/11/30 14:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MYERS\AppData\Roaming\Mozilla\Extensions
    [2012/11/30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MYERS\AppData\Roaming\Mozilla\Firefox\Profiles\oquy5sa4.default\extensions
    [2012/11/30 14:28:09 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\MYERS\AppData\Roaming\Mozilla\Firefox\Profiles\oquy5sa4.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
    [2012/11/30 14:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/20 01:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/,homepage_is_...:[http://www.google.com/,http://welcome_page]
    CHR - homepage: http://start.toshiba.com
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete...nputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://start.toshiba.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - Extension: We-Care.com Reminder = C:\Users\MYERS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.27_0\
    CHR - Extension: AVG Secure Search = C:\Users\MYERS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

    O1 HOSTS File: ([2012/11/27 20:21:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
    O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\Toolbar\WebBrowser: (no name) - {09152F0B-739C-4DEC-A245-1AA8A37594F1} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
    O4 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000..\Run: [Windows Task Manager] C:\Windows\SysWOW64\taskmgr.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F5796AA-03E4-4D7D-BA35-28100894F8A0}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/30 14:33:59 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Local\Macromedia
    [2012/11/30 14:15:16 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Local\Mozilla
    [2012/11/30 14:15:15 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Roaming\Mozilla
    [2012/11/30 14:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/11/30 13:57:07 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Local\CrashDumps
    [2012/11/27 23:18:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MYERS\Desktop\OTL.exe
    [2012/11/27 21:01:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/27 20:27:48 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/11/27 19:54:20 | 005,007,302 | R--- | C] (Swearware) -- C:\Users\MYERS\Desktop\ComboFix.exe
    [2012/11/27 06:30:25 | 000,000,000 | ---D | C] -- C:\Users\MYERS\Desktop\RK_Quarantine
    [2012/11/27 06:29:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MYERS\Desktop\aswMBR.exe
    [2012/11/27 03:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2012/11/26 23:00:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/26 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\MYERS\Desktop\tdsskiller
    [2012/11/26 22:14:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\MYERS\Desktop\dds.com
    [2012/11/26 20:09:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/11/26 20:09:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/11/26 20:09:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/11/26 20:07:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/26 20:06:47 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/11/25 15:02:33 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Roaming\Malwarebytes
    [2012/11/25 15:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/25 15:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/25 15:01:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/11/25 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/25 14:15:17 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
    [2012/11/25 14:15:11 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
    [2012/11/25 14:15:10 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
    [2012/11/25 14:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
    [2012/11/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
    [2012/11/25 14:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2012/11/25 14:12:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2012/11/25 13:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
    [2012/11/25 13:23:18 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Roaming\Sunbelt
    [2012/11/25 13:20:12 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbhips.sys
    [2012/11/25 13:20:11 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbtis.sys
    [2012/11/25 13:19:49 | 000,084,056 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFwIm.sys
    [2012/11/25 13:19:48 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFw.sys
    [2012/11/25 13:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
    [2012/11/25 13:19:42 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\sbredrv.sys
    [2012/11/25 13:19:42 | 000,027,472 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\sbbd.exe
    [2012/11/25 13:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
    [2012/11/25 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/11/25 12:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/11/25 12:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/11/25 12:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012/11/25 12:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\PrivacySafeGuard
    [2012/11/25 12:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy SafeGuard
    [2012/11/25 12:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
    [2012/11/25 12:01:49 | 000,000,000 | ---D | C] -- C:\Users\MYERS\AppData\Roaming\BitTorrent
    [2012/11/01 17:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MapsGalaxy_39
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/30 14:37:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/11/30 14:34:58 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/30 14:21:20 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/30 14:14:50 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/30 14:11:25 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/30 14:11:25 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/30 14:03:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/30 14:03:16 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/27 23:20:01 | 000,480,125 | ---- | M] () -- C:\Users\MYERS\Desktop\adwcleaner.exe
    [2012/11/27 23:18:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MYERS\Desktop\OTL.exe
    [2012/11/27 20:21:57 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/11/27 19:54:39 | 005,007,302 | R--- | M] (Swearware) -- C:\Users\MYERS\Desktop\ComboFix.exe
    [2012/11/27 07:24:40 | 000,000,512 | ---- | M] () -- C:\Users\MYERS\Documents\MBR.dat
    [2012/11/27 07:24:20 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/11/27 07:24:20 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/11/27 07:24:20 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/11/27 06:48:59 | 000,000,512 | ---- | M] () -- C:\Users\MYERS\Desktop\MBR.dat
    [2012/11/27 06:29:17 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MYERS\Desktop\aswMBR.exe
    [2012/11/27 06:27:38 | 000,752,128 | ---- | M] () -- C:\Users\MYERS\Desktop\RogueKiller.exe
    [2012/11/27 03:24:30 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/11/27 01:00:00 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\SBRC.dat
    [2012/11/26 22:14:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\MYERS\Desktop\dds.com
    [2012/11/26 20:55:13 | 390,892,594 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/11/26 18:59:11 | 000,001,148 | ---- | M] () -- C:\Users\MYERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/11/26 18:59:11 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/25 14:15:02 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
    [2012/11/25 14:15:02 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    [2012/11/25 13:19:43 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
    [2012/11/25 12:57:22 | 000,001,279 | ---- | M] () -- C:\Users\MYERS\Desktop\Revo Uninstaller.lnk
    [2012/11/25 12:04:06 | 000,000,258 | RHS- | M] () -- C:\Users\MYERS\ntuser.pol
    [2012/11/25 12:03:02 | 000,001,002 | ---- | M] () -- C:\Users\MYERS\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2012/11/25 12:03:02 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2012/11/18 02:16:28 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/30 14:14:50 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/11/30 14:14:50 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/27 23:20:01 | 000,480,125 | ---- | C] () -- C:\Users\MYERS\Desktop\adwcleaner.exe
    [2012/11/27 07:24:40 | 000,000,512 | ---- | C] () -- C:\Users\MYERS\Documents\MBR.dat
    [2012/11/27 06:48:59 | 000,000,512 | ---- | C] () -- C:\Users\MYERS\Desktop\MBR.dat
    [2012/11/27 06:27:38 | 000,752,128 | ---- | C] () -- C:\Users\MYERS\Desktop\RogueKiller.exe
    [2012/11/27 01:00:00 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\SBRC.dat
    [2012/11/26 20:09:02 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/11/26 20:09:02 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/11/26 20:09:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/11/26 20:09:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/11/26 20:09:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/11/25 15:01:45 | 000,001,148 | ---- | C] () -- C:\Users\MYERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/11/25 15:01:45 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/25 14:15:02 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
    [2012/11/25 14:15:02 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    [2012/11/25 14:15:01 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
    [2012/11/25 13:19:43 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
    [2012/11/25 12:57:22 | 000,001,279 | ---- | C] () -- C:\Users\MYERS\Desktop\Revo Uninstaller.lnk
    [2012/11/25 12:04:06 | 000,000,258 | RHS- | C] () -- C:\Users\MYERS\ntuser.pol
    [2012/11/25 12:03:02 | 000,001,002 | ---- | C] () -- C:\Users\MYERS\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2012/11/25 12:03:02 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2012/11/18 02:30:42 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/18 02:11:47 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/08/15 23:34:51 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
    [2012/05/12 22:20:01 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/02/24 09:42:15 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2012/02/24 09:28:24 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2012/02/24 09:24:39 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/09 17:10:44 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AVG2012
    [2012/11/25 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\BitTorrent
    [2012/09/21 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\LegacyGames
    [2012/09/14 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Toshiba
    [2012/10/09 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\WildTangent
    [2012/06/10 07:42:49 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\.purple
    [2012/06/29 16:15:34 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\AlawarEntertainment
    [2012/09/04 00:23:18 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Amaranth Games
    [2012/10/09 17:10:49 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\AVG2012
    [2012/11/25 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\BitTorrent
    [2012/05/12 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Book Place
    [2012/09/28 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\DriverCure
    [2012/06/28 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Funlinker
    [2012/06/10 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\gtk-2.0
    [2012/09/22 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Oberon Media
    [2012/07/04 20:15:33 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\quickclick
    [2012/09/28 22:21:21 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\SpeedyPC Software
    [2012/05/12 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Tific
    [2012/05/12 20:10:02 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Toshiba
    [2012/09/29 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\TuneUp Software
    [2012/08/15 23:34:57 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\Virtual Prophecy
    [2012/08/10 00:09:16 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\WeatherBug
    [2012/06/17 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\WildTangent
    [2012/05/12 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\MYERS\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 400 bytes -> C:\ProgramData\TEMP:F9203350
    @Alternate Data Stream - 387 bytes -> C:\ProgramData\TEMP:47E35D9B

    < End of report >
     
  21. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    OTL Extras logfile created on: 11/30/2012 2:40:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MYERS\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 59.80% Memory free
    5.20 Gb Paging File | 3.90 Gb Available in Paging File | 74.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.92 Gb Total Space | 246.98 Gb Free Space | 87.30% Space Free | Partition Type: NTFS

    Computer Name: MYERS-PC | User Name: MYERS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1447072285-3693872449-3215407428-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1A269211-8BD8-417F-96E8-10D811E833E1}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2A3AE700-86C5-4D01-922E-92BFB6C65A82}" = rport=137 | protocol=17 | dir=out | app=system |
    "{43FD5422-C754-41E9-80F0-F7306695CD76}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{449FCD28-18AB-4553-B559-531FFDA7A695}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{4CC50198-04B8-4016-B7AC-D3ED184F2CA3}" = rport=138 | protocol=17 | dir=out | app=system |
    "{571F2FE1-9062-4CB6-998D-108AF854AFAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5FEE68D4-1F2F-494E-A0BD-0BAD74B1FC95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{84C8E132-F8C4-42C5-BEDD-76076B5C97F3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{85B0C039-5E7A-4B9B-9B93-BE6BC2E6B49E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8B32B890-D408-48D7-9B0B-CE5AE104387F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{92E6580E-937E-470E-934A-5B4AD0CD9863}" = rport=139 | protocol=6 | dir=out | app=system |
    "{992D9B02-C62E-4770-98CD-6F7BB75B9429}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A4CCF512-6FD6-414E-9679-52F2FB11314D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6EA0CCB-4C9D-4F46-A976-017F0AE7AD04}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B6152EE7-8181-40F7-B9F3-2FAA3AB8D0FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B7384284-6C20-4277-BE32-6DD5D9D8F970}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D3F23101-4472-4F1E-8F5C-95F05757004B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DB493D1F-FAAB-4444-B231-8ED26390ABE1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DBD0F604-31E4-4C4B-8F42-3A7672DD6526}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DE1C169C-546D-4B5F-B0EC-209D2E89D300}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E628FB77-C9EA-453A-945F-6D4F48D43F27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F1E52976-6EAE-4F63-A3F7-0C79C60CCB08}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F8CA221A-6AA4-4997-B2E5-C9286ED5184E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08CAE8CA-DBEF-4837-B524-7BE6B309BA07}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1021FF82-6B93-4505-9360-056F9B61759A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{18E36171-96E6-486F-BF4E-777316285C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{26EA69AC-6508-47DB-B567-1C546F0BEB6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{293D52B6-74DE-4D0E-A52D-23F3D9CC9ED8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{294FCF52-D013-4943-B999-8E2E56EFC8DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2D0025E2-2BAB-4FCF-9060-591C1758E792}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{300D694A-A318-462D-BB34-397A02CF30B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{308D572E-152E-40A3-B79A-A5BAF4B88CA8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{44CE460B-5ADE-4F72-8C33-318658A26CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4F5B58AC-0634-4E0A-9E80-B512B248A429}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{50805489-620F-4411-8D7D-216A4B8119AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{55875939-399E-4F94-9F18-F9C16BE4CA8A}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{562C3E4A-0E11-4753-AD80-FE578F61326F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{627670F1-A6ED-480D-B84F-128D0DD857CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6ED9C102-EC2B-4262-B214-46C23E6E21F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{742B494D-E1C9-4242-A148-F04A6A23C5BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{76068F4B-A73A-4F62-964F-56DC6E759777}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{79232738-7D83-4AA4-B937-38DEBAAAE3C0}" = protocol=6 | dir=out | app=system |
    "{7AA56321-D645-4CA5-8A40-818B4E03D072}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{9AC189B2-73C0-46B9-9DFF-BA40782E2D94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A0D9224B-82E9-41B3-B18D-AA31035AA83F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A2F7D9C0-40A6-4CB0-844E-09A4CE37EA2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A75294BF-6D28-4190-9F30-9486B0656966}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{B2AB528E-6EE1-4743-800E-1A3ABEF96672}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BB51F5CA-F27A-49E7-859C-0F9C94D907AC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{C1482232-6EB6-450F-8EC7-AA23A3357A65}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{D30E4446-C960-430E-A48B-35AF390FA06D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D90622C5-4B16-4837-A619-911F4F3E745A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E30DDD2F-3DC9-4B24-B3B8-DA2E5E056A26}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{E63E2894-96FE-4A9D-A353-555A98B8602A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EEF52AE7-750D-43BE-9CFC-1F61C64C1FC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{98F084BA-FF25-41F1-838B-48B1BE9A7953}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{309D6E86-B733-4912-8C9C-E180909713BA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
    "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
    "{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
    "{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
    "{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
    "{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2305B203-951F-4D88-B366-6E86F524390D}" = VIPRE Antivirus Premium
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
    "{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{78FADD33-5D93-4FB8-AC29-1D823C0574B8}" = ASPCA Reminder by We-Care.com v4.1.17.1
    "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
    "{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
    "{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
    "{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
    "{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
    "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "alotAppbar" = ALOT Appbar
    "BitTorrent" = BitTorrent
    "Google Chrome" = Google Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NortonPCCheckup" = Toshiba Laptop Checkup
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Setup Support for WeCare" = Setup Support for WeCare 1.0
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-06d5fc0c-7d7f-4d01-bba3-7d62e1550e5e" = FATE - The Traitor Soul
    "WTA-2aa53102-a23a-45b4-93d4-30b338ae364b" = Tales of Lagoona
    "WTA-4c88e1e5-f38a-4434-a645-d4d30cfd2952" = Ghost Whisperer
    "WTA-4d8ed425-45b7-417e-b46d-86f91d2f0973" = Letters from Nowhere 2
    "WTA-524bf4cf-9d59-4378-81a0-9fd5c034665a" = The Hidden Object Show - Season 2
    "WTA-57a7c14f-b392-4197-939c-7236b30974d6" = Magic Academy
    "WTA-66ee1c98-b764-4661-84ba-55fa4b49bbba" = Temple of Life Collector's Edition
    "WTA-71e4736f-ce8d-4297-9346-06a9bcae1652" = Penguins!
    "WTA-7de392fd-e395-414c-bf0d-ab27a482c72d" = Bejeweled 3
    "WTA-931fa64f-a4e5-48ac-8e6d-df05269a4c73" = House of 1000 Doors: The Palm of Zoroaster
    "WTA-a0b5345c-7765-4d79-8376-18b78caae205" = Cases of Stolen Beauty
    "WTA-ab014ee6-7368-49bf-849f-2765b6793b2f" = Curse at Twilight
    "WTA-b2d53f1a-75fe-413b-afd7-16af60c9d816" = RollerCoaster Tycoon 3: Platinum
    "WTA-d51800a3-b3d5-4e3a-b2ee-f20dc51c8f23" = Zuma's Revenge
    "WTA-ef41fddb-2f50-434b-ad48-7d949b4ecd8d" = Plants vs. Zombies - Game of the Year
    "WTA-fb120529-a392-4f3c-ad34-7d993f75bf9e" = Theatre of the Absurd Collector's Edition
    "WTA-fbf4c939-982d-4c6e-aef3-132d5335329c" = Polar Bowler
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/17/2012 2:08:35 AM | Computer Name = MYERS-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 11/17/2012 2:08:39 AM | Computer Name = MYERS-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/17/2012 2:06:07 PM | Computer Name = MYERS-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/17/2012 2:06:49 PM | Computer Name = MYERS-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 11/17/2012 2:30:19 PM | Computer Name = MYERS-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/17/2012 2:30:22 PM | Computer Name = MYERS-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 11/17/2012 2:57:02 PM | Computer Name = MYERS-PC | Source = RasClient | ID = 20227
    Description =

    Error - 11/17/2012 3:25:43 PM | Computer Name = MYERS-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/18/2012 1:46:32 AM | Computer Name = MYERS-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 11/18/2012 1:46:51 AM | Computer Name = MYERS-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/27/2012 9:18:30 PM | Computer Name = MYERS-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/27/2012 9:22:02 PM | Computer Name = MYERS-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/27/2012 9:41:32 PM | Computer Name = MYERS-PC | Source = bowser | ID = 8003
    Description =

    Error - 11/27/2012 11:11:40 PM | Computer Name = MYERS-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 11/28/2012 12:23:52 AM | Computer Name = MYERS-PC | Source = DCOM | ID = 10010
    Description =

    Error - 11/30/2012 3:02:28 PM | Computer Name = MYERS-PC | Source = DCOM | ID = 10010
    Description =

    Error - 11/30/2012 3:05:36 PM | Computer Name = MYERS-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/30/2012 3:05:36 PM | Computer Name = MYERS-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Search service to connect.

    Error - 11/30/2012 3:05:36 PM | Computer Name = MYERS-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053

    Error - 11/30/2012 3:45:34 PM | Computer Name = MYERS-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.
      O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
      O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll File not found
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
      O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll File not found
      O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\..\Toolbar\WebBrowser: (no name) - {09152F0B-739C-4DEC-A245-1AA8A37594F1} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 400 bytes -> C:\ProgramData\TEMP:F9203350
      @Alternate Data Stream - 387 bytes -> C:\ProgramData\TEMP:47E35D9B
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    I'm having some issues with the network adapter now...

    Once the pc has been sitting for a little while ( as far as I've observed this is when it happens) the network adapter disables it selfs and a restart is the only way to get it back online....
    I've tried modifying the registry for the service to restart automatically to no anvil

    Idk what's causing this but is a real pain lol
     
  24. Broni

    Broni Malware Annihilator Posts: 47,623   +267

    That may be a subject to a different forum.
    We must finish our cleaning process.
     
  25. Amaze

    Amaze TS Rookie Topic Starter Posts: 86

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1447072285-3693872449-3215407428-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09152F0B-739C-4DEC-A245-1AA8A37594F1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09152F0B-739C-4DEC-A245-1AA8A37594F1}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
    ADS C:\ProgramData\TEMP:F9203350 deleted successfully.
    ADS C:\ProgramData\TEMP:47E35D9B deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: home

    User: MYERS
    ->Temp folder emptied: 20046916 bytes
    ->Temporary Internet Files folder emptied: 792238738 bytes
    ->Java cache emptied: 1878 bytes
    ->FireFox cache emptied: 37240099 bytes
    ->Flash cache emptied: 2558 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13851292 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 17607027 bytes

    Total Files Cleaned = 840.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: home

    User: MYERS
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: home

    User: MYERS
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12012012_174748

    Files\Folders moved on Reboot...
    C:\Users\MYERS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\MYERS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ESU8RR5\1353038385jtun_emt64sav10encful[1].m25 moved successfully.
    C:\Users\MYERS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C2K4PFA\1354289896jtun_emt64sav10enccur25[1].m25 moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.