TechSpot

"System Check" virus/malware removal help please!

Solved
By DSG3002
Dec 30, 2011
  1. I was just browsing the internet as usual several hours ago when all of a sudden my anti-virus (Microsoft Security Essentials) started giving warnings about a threat to my computer. After telling MSE to remove it, a few minutes later I got a bunch of pop-up windows saying something along the lines of "Failed to save all the components for the file \System32\000015f4. The file is corrupted or unreadable. This error may be caused by a PC hardware problem." Then this strange program called "System Check" randomly opened up and kept asking me to scan my computer for a hardware malfunction, but I immediately figured this was some kind of malware program, so I tried closing it. It refused to close by any means, so I immediately opened up Malwarebytes' Anti-Malware and started a full scan of my computer (I know the 5-step instructions say to do otherwise, but I didn't even know about this forum when this first happened to me). It found about 6 different threats, I told it to remove them, and I restarted. Just in case, I did another scan with MBAM and it found more threats on the second scan, then I had to restart again; this second restart MBAM said was "Urgent!" I then decided to do a full scan in MSE, and while this scan was running I decided to google this "System Check" program and eventually wound up here.

    I've since followed the 5-step instructions and here's what I've got for you guys:
     
  2. DSG3002

    DSG3002 TS Rookie Topic Starter

    MBAM Logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8400

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    12/30/2011 12:22:00 AM
    mbam-log-2011-12-30 (00-22-00).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 32851
    Time elapsed: 2 minute(s), 31 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    c:\programdata\avpyowqgoag.exe (Trojan.FakeAlert) -> 11224 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avPYOWQgOag.exe (Trojan.FakeAlert) -> Value: avPYOWQgOag.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\avpyowqgoag.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    --------------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8400

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    12/30/2011 1:39:38 AM
    mbam-log-2011-12-30 (01-39-38).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 391105
    Time elapsed: 1 hour(s), 15 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Zack\AppData\Local\Temp\6gw0ewvcpbp4dr.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Zack\documents\Loader\windows loader v1.9.5\windows loader\windows loader.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    --------------------------------------------------------------------------------------------------------

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.24.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Zack :: ZACK-PC [administrator]

    Protection: Disabled

    12/30/2011 1:59:27 AM
    mbam-log-2011-12-30 (01-59-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 173752
    Time elapsed: 3 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\ProgramData\rhQYf55w40W5xa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)
     
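As an added example (not code from the thread, from Malwarebytes, or from the helper), a small Python parser for the Malwarebytes log layout posted above; it accepts both the 1.5x "Infected" and the 1.60 "Detected" section headers. The sample log is constructed from lines copied out of the logs in this post, and the function names are my own. It pulls out the two findings a responder wants first from these logs: the autostart value under a Run key that would relaunch the fake alert after a reboot, and the policy data items MBAM reset (the DisableTaskMgr flag).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: detection lines copied from the thread's MBAM logs,
# trimmed to one block. Not a real scan run.
SAMPLE_LOG = """\
Memory Processes Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 2

Memory Processes Infected:
c:\\programdata\\avpyowqgoag.exe (Trojan.FakeAlert) -> 11224 -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\avPYOWQgOag.exe (Trojan.FakeAlert) -> Value: avPYOWQgOag.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\\programdata\\avpyowqgoag.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\\Users\\Zack\\documents\\Loader\\windows loader.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

# Section header, with or without the summary count ("Files Infected:" / "Files Detected: 1").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ (?:Infected|Detected)):(?: \d+)?$")
# "<path> (<threat family>) -> <detail> -> ... -> <action>"; the path may itself contain
# parentheses such as "(x86)", so the threat is the first "(...)" followed by " -> ".
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items report the value MBAM found and the value it restored.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    details: List[str]   # PID, "Value: ...", or "Bad: (..) Good: (..)" fragments
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line of a Malwarebytes 1.5x/1.60 log, tagged with its section."""
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None:
            continue  # still in the log preamble (version, database, scan options)
        hit = DETECTION_RE.match(line)
        if not hit:
            continue
        parts = [p.strip() for p in hit.group("rest").split(" -> ")]
        found.append(Detection(section, hit.group("path"), hit.group("threat"), parts[:-1], parts[-1]))
    return found


def threat_counts(dets: List[Detection]) -> Dict[str, int]:
    """Count detections per threat family, e.g. how many Trojan.FakeAlert items were hit."""
    counts: Dict[str, int] = {}
    for d in dets:
        counts[d.threat] = counts.get(d.threat, 0) + 1
    return counts


def run_key_persistence(dets: List[Detection]) -> List[Detection]:
    """Registry values under a ...\\CurrentVersion\\Run key: the autostart entries to verify are gone."""
    return [d for d in dets
            if d.section.startswith("Registry Values") and "\\currentversion\\run\\" in d.path.lower()]


def policy_tampering(dets: List[Detection]) -> List[Tuple[str, str, str]]:
    """(value name, bad value, restored value) for every registry data item MBAM corrected."""
    out: List[Tuple[str, str, str]] = []
    for d in dets:
        for detail in d.details:
            m = BAD_GOOD_RE.search(detail)
            if m:
                out.append((d.path.rsplit("\\", 1)[-1], m.group("bad"), m.group("good")))
    return out


if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    print(threat_counts(hits))
    for d in run_key_persistence(hits):
        print("autostart:", d.path)
    for name, bad, good in policy_tampering(hits):
        print(f"policy {name}: was {bad}, reset to {good}")
```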
  3. DSG3002

    DSG3002 TS Rookie Topic Starter

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-30 06:54:51
    Windows 6.1.7601 Service Pack 1
    Running: dxwzl836.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}@haaolgdpappjgaok 0x61 0x61 0x00 0x00
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}@iampbghkkihimgmkle 0x6B 0x61 0x6C 0x63 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}@haoohfoplopiapnb 0x6B 0x61 0x6C 0x63 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}@haaolgdpgpjdkbel 0x61 0x61 0x00 0x00

    ---- EOF - GMER 1.0.15 ----




    DDS Logs:

    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Zack at 6:56:46 on 2011-12-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3841 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\System32\rundll32.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\windows\system32\wuauclt.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.toshiba.com
    uDefault_Page_URL = hxxp://start.toshiba.com
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{207BB0BD-8F1B-45EB-9E49-18D171182EF2} : DhcpNameServer = 129.65.16.254 129.65.21.254
    TCP: Interfaces\{82457D5E-3EFC-4862-AD1A-EED42567B0D4} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{82457D5E-3EFC-4862-AD1A-EED42567B0D4}\255637E6564775962756C6563737 : DhcpNameServer = 129.65.16.254 129.65.21.254
    TCP: Interfaces\{82457D5E-3EFC-4862-AD1A-EED42567B0D4}\A51636B637020586F6E656 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\dmvn28dv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 652872]
    R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-7-25 1105848]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-6-13 135608]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-13 126392]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\amdhub30.sys --> C:\windows\system32\DRIVERS\amdhub30.sys [?]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\amdxhc.sys --> C:\windows\system32\DRIVERS\amdxhc.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
    R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-4-5 828336]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-13 54136]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-12-30 14:55:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\offreg.dll
    2011-12-30 14:55:11 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\mpengine.dll
    2011-12-20 11:15:00 -------- d-----w- C:\Program Files\Media Player Classic - Home Cinema
    2011-12-19 13:09:31 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2011-12-16 23:39:29 -------- d-----w- C:\Users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    2011-12-16 23:39:28 -------- d-----w- C:\Users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-12-10 21:05:33 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-12-10 21:05:09 -------- d-----w- C:\Users\Zack\AppData\Local\uTorrent
    2011-12-10 19:57:03 506728 ----a-w- C:\windows\System32\d3dx10_34.dll
    2011-12-10 19:57:03 443752 ----a-w- C:\windows\SysWow64\d3dx10_34.dll
    2011-12-10 19:57:03 1401200 ----a-w- C:\windows\System32\D3DCompiler_34.dll
    2011-12-10 19:57:03 1124720 ----a-w- C:\windows\SysWow64\D3DCompiler_34.dll
    2011-12-10 19:57:01 4496232 ----a-w- C:\windows\System32\d3dx9_34.dll
    2011-12-10 19:57:01 3497832 ----a-w- C:\windows\SysWow64\d3dx9_34.dll
    2011-12-10 19:57:00 81768 ----a-w- C:\windows\SysWow64\xinput1_3.dll
    2011-12-10 19:57:00 107368 ----a-w- C:\windows\System32\xinput1_3.dll
    .
    ==================== Find3M ====================
    .
    2011-12-15 21:45:31 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-10 23:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
    2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
    2011-10-15 06:31:56 723456 ----a-w- C:\windows\System32\EncDec.dll
    2011-10-15 05:38:59 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
    .
    ============= FINISH: 6:57:14.27 ===============




    Attach:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/30/2011 12:30:20 PM
    System Uptime: 12/30/2011 3:51:20 AM (3 hours ago)
    .
    Motherboard: TOSHIBA | | QHRAE
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 384.66 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP55: 12/18/2011 3:53:03 AM - Installed DirectX
    RP56: 12/20/2011 12:41:56 PM - Windows Update
    RP57: 12/24/2011 2:15:58 PM - Windows Update
    RP58: 12/28/2011 2:45:38 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.1) MUI
    AMD VISION Engine Control Center
    Atheros Driver Installation Program
    Audacity 1.3.13 (Unicode)
    Audiosurf
    Bejeweled 3
    BioShock
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cisco NAC Agent
    D3DX10
    Defense Grid: The Awakening
    FATE - The Traitor Soul
    foobar2000 v1.1.7
    Guitar Pro 5.2
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest: The Sleepless Star - Collector's Edition
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Label@Once 1.0
    Left 4 Dead 2
    Malwarebytes Anti-Malware version 1.60.0.1800
    Mesh Runtime
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    Novarm DipTrace
    PDF Settings CS5
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Polar Bowler
    Portal
    Portal 2
    Racket v5.1.3
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Steam
    Team Fortress 2
    Tom Clancy's Splinter Cell
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA VIDEO PLAYER
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    ToshibaRegistration
    TrueCrypt
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update Installer for WildTangent Games App
    Utility Common Driver
    VLC media player 1.1.11
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/26/2011 1:19:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/25/2011 10:49:20 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    12/23/2011 11:23:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run another one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. DSG3002

    DSG3002 TS Rookie Topic Starter

    aswMBR:

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-30 15:17:32
    -----------------------------
    15:17:32.491 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:17:32.491 Number of processors: 4 586 0x100
    15:17:32.493 ComputerName: ZACK-PC UserName: Zack
    15:17:33.939 Initialize success
    15:18:30.015 AVAST engine defs: 11123001
    15:21:16.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
    15:21:16.703 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 11
    15:21:16.795 Disk 0 MBR read successfully
    15:21:16.801 Disk 0 MBR scan
    15:21:16.828 Disk 0 Windows VISTA default MBR code
    15:21:16.834 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    15:21:16.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595088 MB offset 3074048
    15:21:16.986 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13891 MB offset 1221814272
    15:21:17.033 Service scanning
    15:21:17.540 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    15:21:18.200 Modules scanning
    15:21:18.210 Disk 0 trace - called modules:
    15:21:18.251 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    15:21:18.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065da060]
    15:21:18.288 3 CLASSPNP.SYS[fffff8800148c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80065d9060]
    15:21:18.300 5 thpdrv.sys[fffff880019952b0] -> nt!IofCallDriver -> [0xfffffa80054e1ac0]
    15:21:18.311 7 amd_xata.sys[fffff8800110aa1d] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8005f7a060]
    15:21:19.683 AVAST engine scan C:\windows
    15:21:23.050 AVAST engine scan C:\windows\system32
    15:24:28.462 AVAST engine scan C:\windows\system32\drivers
    15:24:45.018 AVAST engine scan C:\Users\Zack
    15:33:31.409 AVAST engine scan C:\ProgramData
    15:35:26.410 Scan finished successfully
    15:37:43.156 Disk 0 MBR has been saved successfully to "C:\Users\Zack\Desktop\MBR.dat"
    15:37:43.171 The log file has been saved successfully to "C:\Users\Zack\Desktop\aswMBR.txt"





    ComboFix.txt:


    ComboFix 11-12-30.02 - Zack 12/30/2011 15:49:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3585 [GMT -8:00]
    Running from: c:\users\Zack\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~rhQYf55w40W5xa
    c:\programdata\~rhQYf55w40W5xar
    c:\programdata\rhQYf55w40W5xa
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-31 00:05 . 2011-12-31 00:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\offreg.dll
    2011-12-31 00:03 . 2011-12-31 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-30 14:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\mpengine.dll
    2011-12-20 11:15 . 2011-12-20 11:15 -------- d-----w- c:\users\Zack\AppData\Roaming\Media Player Classic
    2011-12-20 11:15 . 2011-12-20 11:15 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
    2011-12-19 13:10 . 2011-12-26 13:19 -------- d-----w- c:\users\Zack\AppData\Roaming\vlc
    2011-12-19 13:09 . 2011-12-19 13:09 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-12-16 23:39 . 2011-12-16 23:39 -------- d-----w- c:\users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    2011-12-16 23:39 . 2011-12-16 23:39 -------- d-----w- c:\users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-12-10 21:05 . 2011-12-10 21:05 -------- d-----w- c:\program files (x86)\uTorrent
    2011-12-10 21:05 . 2011-12-10 21:05 -------- d-----w- c:\users\Zack\AppData\Local\uTorrent
    2011-12-10 19:57 . 2011-12-10 19:58 -------- d-----w- c:\users\Zack\AppData\Roaming\Bioshock
    2011-12-10 19:57 . 2007-05-17 00:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 443752 ----a-w- c:\windows\SysWow64\d3dx10_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 1401200 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 1124720 ----a-w- c:\windows\SysWow64\D3DCompiler_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    2011-12-10 19:57 . 2007-04-05 02:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-12-10 19:57 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-15 21:45 . 2011-08-30 23:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-10 23:24 . 2011-08-30 22:32 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-21 11:40 . 2011-09-01 12:03 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-11 05:15 . 2011-10-11 05:16 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13863BB7-D10F-40F6-AC31-D119D5DA1E11}\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-03-10 532480]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-07-25 525752]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
    S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-07-25 1105848]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-12-10 135608]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\dmvn28dv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}*]
    "haaolgdpappjgaok"=hex:61,61,00,00
    "iampbghkkihimgmkle"=hex:6b,61,6c,63,61,68,6e,66,64,62,6c,61,61,65,69,66,6c,6d,
    66,6f,6e,62,00,00
    "haoohfoplopiapnb"=hex:6b,61,6c,63,61,68,6e,66,64,62,6c,61,61,65,69,66,6c,6d,
    66,6f,6e,62,00,75
    "haaolgdpgpjdkbel"=hex:61,61,00,00
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59FDF527-9836-D26D-BFC2-CF316C60B602}\InProcServer32*]
    "iakpfoabhiifihkhmp"=hex:61,61,00,00
    "iakpfoabhigeocblil"=hex:61,61,00,00
    "jakpjbbhepfikgcigane"=hex:6b,61,6c,63,61,68,6e,66,64,62,6c,61,61,65,69,66,6c,
    6d,66,6f,6e,62,00,00
    "iakppndienjomdieek"=hex:6b,61,6c,63,61,68,6e,66,64,62,6c,61,61,65,69,66,6c,6d,
    66,6f,6e,62,00,75
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-30 16:27:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-31 00:26
    .
    Pre-Run: 412,653,899,776 bytes free
    Post-Run: 412,541,730,816 bytes free
    .
    - - End Of File - - 716DA6964F727272E984FC82F10F2021




    Also, once the virus/malware hit, it made aesthetic changes to my computer, and I was wondering how to fix this:

    [screenshot of the taskbar, not included]

    See how the active programs are like longer rectangles than the inactive programs? Before, even active programs would stay the same size as inactive programs. How do I get it to go back to looking the normal way?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    I don't have Win 7 fired up right now so I can't take a look.
    Remind me later.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59FDF527-9836-D26D-BFC2-CF316C60B602}\InProcServer32*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation of dragging CFScript.txt onto ComboFix.exe, not included]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    Post new aswMBR log as well.
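As an added example, not code from this thread, from ComboFix or from TechSpot, here is a small Python triage script for the kind of ComboFix log posted above: it decodes the hex: values under LOCKED REGISTRY KEYS, flags keys whose value names are random-looking lowercase strings (the two keys the RegNull:: script above targets), emits that RegNull:: block, and reports the UAC policy values in the log that are set to 0. The random-name rule is an assumed heuristic for review, not a detection signature, and the embedded sample is an abridged copy of the log excerpts shown earlier in the thread.

```python
"""Triage a ComboFix log: decode hex: values under LOCKED REGISTRY KEYS, flag
keys whose value names look machine-generated, emit the matching RegNull::
CFScript block, and report UAC policy values that disable elevation prompts.
Added example for this thread, not a ComboFix or TechSpot tool."""
import re

# Abridged excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59FDF527-9836-D26D-BFC2-CF316C60B602}*]
"haaolgdpappjgaok"=hex:61,61,00,00
"haoohfoplopiapnb"=hex:6b,61,6c,63,61,68,6e,66,64,62,6c,61,61,65,69,66,6c,6d,
66,6f,6e,62,00,75
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
Completion time: 2011-12-30 16:27:10 - machine was rebooted
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
HEX_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
STR_RE = re.compile(r'^(@|"[^"]+")="(.*)"$')
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')
RANDOM_NAME_RE = re.compile(r"^[a-z]{12,}$")  # e.g. haaolgdpappjgaok (heuristic)
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_GUARDS = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def decode_hex(payload: str) -> str:
    """'6b,61,...' -> text; trailing NULs are dropped, embedded ones are kept."""
    data = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return data.rstrip(b"\x00").decode("latin-1")


def parse_locked_keys(log_text: str) -> dict:
    """{key_path: {value_name: value}} for the LOCKED REGISTRY KEYS section.
    ComboFix wraps a long hex: value onto the next line after a trailing comma."""
    keys, in_section, current, pending_name, pending_hex = {}, False, None, None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("Completion time:"):
            break
        elif pending_name is not None:  # continuation of a wrapped hex: value
            pending_hex += line
            if not line.endswith(","):
                keys[current][pending_name] = decode_hex(pending_hex)
                pending_name, pending_hex = None, ""
        elif (m := KEY_RE.match(line)):
            current = m.group(1)  # keeps ComboFix's trailing '*' marker as-is
            keys.setdefault(current, {})
        elif current is not None and (m := HEX_RE.match(line)):
            name, payload = m.groups()
            if payload.endswith(","):
                pending_name, pending_hex = name, payload
            else:
                keys[current][name] = decode_hex(payload)
        elif current is not None and (m := STR_RE.match(line)):
            keys[current][m.group(1).strip('"')] = m.group(2)
    return keys


def suspicious_keys(keys: dict) -> list:
    """Keys holding values with long, all-lowercase, letters-only names. Genuine
    COM entries use names like ThreadingModel; this is a review heuristic."""
    return [k for k, vals in keys.items() if any(RANDOM_NAME_RE.match(n) for n in vals)]


def regnull_script(key_paths: list) -> str:
    """RegNull:: CFScript block in the form used in this thread."""
    return "\n".join(["RegNull::"] + [f"[{k}]" for k in key_paths]) + "\n"


def uac_findings(log_text: str) -> dict:
    """UAC guards set to 0 under policies\\system: EnableLUA=0 turns UAC off,
    ConsentPromptBehaviorAdmin=0 elevates silently, PromptOnSecureDesktop=0 drops
    the secure desktop. Each removes a prompt the user would otherwise see."""
    findings, current = {}, ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        key, pol = KEY_RE.match(line), POLICY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif current == UAC_KEY and pol and pol.group(1) in UAC_GUARDS and pol.group(2) == "0":
            findings[pol.group(1)] = 0
    return findings


if __name__ == "__main__":
    flagged = suspicious_keys(parse_locked_keys(SAMPLE_LOG))
    print(regnull_script(flagged), "UAC guards disabled:", uac_findings(SAMPLE_LOG))
```

Run it against a full ComboFix.txt by reading the file into `parse_locked_keys` and `uac_findings` instead of `SAMPLE_LOG`; the decoded values show why the names were flagged before any key is touched.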
     
  7. DSG3002

    DSG3002 TS Rookie Topic Starter

    New ComboFix.txt:


    ComboFix 11-12-30.02 - Zack 12/30/2011 17:27:42.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.4208 [GMT -8:00]
    Running from: c:\users\Zack\Desktop\ComboFix.exe
    Command switches used :: c:\users\Zack\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-31 01:34 . 2011-12-31 01:34 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\offreg.dll
    2011-12-31 01:33 . 2011-12-31 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-30 14:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01C8CD0D-6BFC-44A4-B3D8-28ABA0EE222E}\mpengine.dll
    2011-12-20 11:15 . 2011-12-20 11:15 -------- d-----w- c:\users\Zack\AppData\Roaming\Media Player Classic
    2011-12-20 11:15 . 2011-12-20 11:15 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
    2011-12-19 13:10 . 2011-12-26 13:19 -------- d-----w- c:\users\Zack\AppData\Roaming\vlc
    2011-12-19 13:09 . 2011-12-19 13:09 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-12-16 23:39 . 2011-12-16 23:39 -------- d-----w- c:\users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    2011-12-16 23:39 . 2011-12-16 23:39 -------- d-----w- c:\users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-12-10 21:05 . 2011-12-10 21:05 -------- d-----w- c:\program files (x86)\uTorrent
    2011-12-10 21:05 . 2011-12-10 21:05 -------- d-----w- c:\users\Zack\AppData\Local\uTorrent
    2011-12-10 19:57 . 2011-12-10 19:58 -------- d-----w- c:\users\Zack\AppData\Roaming\Bioshock
    2011-12-10 19:57 . 2007-05-17 00:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 443752 ----a-w- c:\windows\SysWow64\d3dx10_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 1401200 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 1124720 ----a-w- c:\windows\SysWow64\D3DCompiler_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
    2011-12-10 19:57 . 2007-05-17 00:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    2011-12-10 19:57 . 2007-04-05 02:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-12-10 19:57 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-15 21:45 . 2011-08-30 23:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-10 23:24 . 2011-08-30 22:32 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-21 11:40 . 2011-09-01 12:03 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-11 05:15 . 2011-10-11 05:16 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13863BB7-D10F-40F6-AC31-D119D5DA1E11}\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-31_00.06.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2011-12-31 00:06 38630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-08-30 19:34 . 2011-12-31 00:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-30 19:34 . 2011-12-31 01:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-30 19:34 . 2011-12-31 00:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-08-30 19:34 . 2011-12-31 01:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-08-30 19:34 . 2011-12-31 00:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-30 19:34 . 2011-12-31 01:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-30 19:30 . 2011-12-31 01:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-30 19:30 . 2011-12-31 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-30 19:30 . 2011-12-31 01:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-30 19:30 . 2011-12-31 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-09-21 21:51 . 2011-12-31 01:33 3420 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-08-30 19:32 . 2011-12-31 00:06 8130 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856170626-224712492-4181922709-1001_UserData.bin
    + 2011-12-31 01:34 . 2011-12-31 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-12-31 00:05 . 2011-12-31 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-12-31 00:05 . 2011-12-31 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-31 01:34 . 2011-12-31 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2011-12-31 00:04 486816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-12-31 01:33 486816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-06-14 01:46 . 2011-12-31 00:04 2278768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-06-14 01:46 . 2011-12-31 01:33 2278768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-08-30 19:54 . 2011-12-31 01:33 36855008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856170626-224712492-4181922709-1001-12288.dat
    - 2011-08-30 19:54 . 2011-12-31 00:04 36855008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856170626-224712492-4181922709-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-03-10 532480]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-07-25 525752]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
    S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-07-25 1105848]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-12-10 135608]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
    "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\dmvn28dv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-30 17:39:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-31 01:39
    ComboFix2.txt 2011-12-31 00:27
    .
    Pre-Run: 412,299,821,056 bytes free
    Post-Run: 412,247,146,496 bytes free
    .
    - - End Of File - - D29EF08157B330A290A815E77B6D8A79

    New aswMBR.txt:

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-30 17:43:30
    -----------------------------
    17:43:30.543 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:43:30.543 Number of processors: 4 586 0x100
    17:43:30.543 ComputerName: ZACK-PC UserName: Zack
    17:43:31.589 Initialize success
    17:45:00.083 AVAST engine defs: 11123001
    17:46:04.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
    17:46:04.449 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 11
    17:46:04.543 Disk 0 MBR read successfully
    17:46:04.543 Disk 0 MBR scan
    17:46:04.558 Disk 0 Windows VISTA default MBR code
    17:46:04.574 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    17:46:04.590 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595088 MB offset 3074048
    17:46:04.636 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13891 MB offset 1221814272
    17:46:04.636 Service scanning
    17:46:05.120 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    17:46:05.760 Modules scanning
    17:46:05.760 Disk 0 trace - called modules:
    17:46:05.806 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    17:46:06.321 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065be060]
    17:46:06.321 3 CLASSPNP.SYS[fffff8800158443f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80065bd060]
    17:46:06.337 5 thpdrv.sys[fffff880019d52b0] -> nt!IofCallDriver -> [0xfffffa80054e1ac0]
    17:46:06.352 7 amd_xata.sys[fffff880010e5a1d] -> nt!IofCallDriver -> \Device\00000070[0xfffffa8005f61060]
    17:46:07.304 AVAST engine scan C:\windows
    17:46:10.143 AVAST engine scan C:\windows\system32
    17:47:45.740 AVAST engine scan C:\windows\system32\drivers
    17:47:56.660 AVAST engine scan C:\Users\Zack
    17:53:46.772 AVAST engine scan C:\ProgramData
    17:54:42.557 Scan finished successfully
    17:55:45.020 Disk 0 MBR has been saved successfully to "C:\Users\Zack\Desktop\MBR.dat"
    17:55:45.020 The log file has been saved successfully to "C:\Users\Zack\Desktop\aswMBR2.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    It looks to me like you're infected with the newest TDL rootkit.

    I'm not sure if TDSSKiller is set already to deal with it but let's give it a shot.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ============================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  9. DSG3002

    DSG3002 TS Rookie Topic Starter

    TDSSKiller said it didn't find any threats. Also how bad would a TDL rootkit be?


    TDSSKiller log/report:

    18:15:46.0501 0424 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    18:15:47.0047 0424 ============================================================
    18:15:47.0047 0424 Current date / time: 2011/12/30 18:15:47.0047
    18:15:47.0047 0424 SystemInfo:
    18:15:47.0047 0424
    18:15:47.0047 0424 OS Version: 6.1.7601 ServicePack: 1.0
    18:15:47.0047 0424 Product type: Workstation
    18:15:47.0047 0424 ComputerName: ZACK-PC
    18:15:47.0047 0424 UserName: Zack
    18:15:47.0047 0424 Windows directory: C:\windows
    18:15:47.0047 0424 System windows directory: C:\windows
    18:15:47.0047 0424 Running under WOW64
    18:15:47.0047 0424 Processor architecture: Intel x64
    18:15:47.0047 0424 Number of processors: 4
    18:15:47.0047 0424 Page size: 0x1000
    18:15:47.0047 0424 Boot type: Normal boot
    18:15:47.0047 0424 ============================================================
    18:15:48.0155 0424 Initialize success
    18:16:26.0366 4264 ============================================================
    18:16:26.0366 4264 Scan started
    18:16:26.0366 4264 Mode: Manual;
    18:16:26.0366 4264 ============================================================
    18:16:27.0177 4264 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    18:16:27.0177 4264 1394ohci - ok
    18:16:27.0286 4264 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    18:16:27.0302 4264 ACPI - ok
    18:16:27.0411 4264 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    18:16:27.0411 4264 AcpiPmi - ok
    18:16:27.0536 4264 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    18:16:27.0551 4264 adp94xx - ok
    18:16:27.0676 4264 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    18:16:27.0676 4264 adpahci - ok
    18:16:27.0801 4264 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    18:16:27.0801 4264 adpu320 - ok
    18:16:27.0926 4264 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
    18:16:27.0941 4264 AFD - ok
    18:16:28.0144 4264 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    18:16:28.0144 4264 agp440 - ok
    18:16:28.0285 4264 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    18:16:28.0285 4264 aliide - ok
    18:16:28.0378 4264 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\windows\system32\DRIVERS\amdhub30.sys
    18:16:28.0394 4264 amdhub30 - ok
    18:16:28.0487 4264 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    18:16:28.0487 4264 amdide - ok
    18:16:28.0581 4264 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    18:16:28.0581 4264 AmdK8 - ok
    18:16:28.0909 4264 amdkmdag (3ea481540bf571ce2ac422249c4e18a9) C:\windows\system32\DRIVERS\atikmdag.sys
    18:16:29.0111 4264 amdkmdag - ok
    18:16:29.0205 4264 amdkmdap (c5228c5fd5ca78002255089c4e74dc0e) C:\windows\system32\DRIVERS\atikmpag.sys
    18:16:29.0205 4264 amdkmdap - ok
    18:16:29.0314 4264 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
    18:16:29.0314 4264 AmdPPM - ok
    18:16:29.0408 4264 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    18:16:29.0408 4264 amdsata - ok
    18:16:29.0533 4264 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    18:16:29.0533 4264 amdsbs - ok
    18:16:29.0626 4264 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    18:16:29.0642 4264 amdxata - ok
    18:16:29.0735 4264 amdxhc (321533578132c811ec834a1b741c994c) C:\windows\system32\DRIVERS\amdxhc.sys
    18:16:29.0735 4264 amdxhc - ok
    18:16:29.0845 4264 amd_sata (f9d46b6b322708bd5afcc8767ebdc901) C:\windows\system32\DRIVERS\amd_sata.sys
    18:16:29.0845 4264 amd_sata - ok
    18:16:29.0938 4264 amd_xata (329cc9c7e20deebcd4cd10816193ef14) C:\windows\system32\DRIVERS\amd_xata.sys
    18:16:29.0938 4264 amd_xata - ok
    18:16:30.0032 4264 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    18:16:30.0047 4264 AppID - ok
    18:16:30.0172 4264 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    18:16:30.0172 4264 arc - ok
    18:16:30.0281 4264 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    18:16:30.0281 4264 arcsas - ok
    18:16:30.0375 4264 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    18:16:30.0375 4264 AsyncMac - ok
    18:16:30.0500 4264 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    18:16:30.0500 4264 atapi - ok
    18:16:30.0671 4264 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
    18:16:30.0796 4264 athr - ok
    18:16:30.0921 4264 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
    18:16:30.0921 4264 AtiHDAudioService - ok
    18:16:31.0046 4264 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    18:16:31.0061 4264 b06bdrv - ok
    18:16:31.0155 4264 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    18:16:31.0155 4264 b57nd60a - ok
    18:16:31.0264 4264 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    18:16:31.0264 4264 Beep - ok
    18:16:31.0389 4264 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
    18:16:31.0389 4264 blbdrive - ok
    18:16:31.0498 4264 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    18:16:31.0498 4264 bowser - ok
    18:16:31.0576 4264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    18:16:31.0576 4264 BrFiltLo - ok
    18:16:31.0670 4264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    18:16:31.0670 4264 BrFiltUp - ok
    18:16:31.0779 4264 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    18:16:31.0779 4264 Brserid - ok
    18:16:31.0888 4264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    18:16:31.0888 4264 BrSerWdm - ok
    18:16:31.0982 4264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    18:16:31.0982 4264 BrUsbMdm - ok
    18:16:32.0075 4264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    18:16:32.0075 4264 BrUsbSer - ok
    18:16:32.0185 4264 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
    18:16:32.0185 4264 BtFilter - ok
    18:16:32.0278 4264 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    18:16:32.0278 4264 BTHMODEM - ok
    18:16:32.0325 4264 catchme - ok
    18:16:32.0419 4264 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    18:16:32.0434 4264 cdfs - ok
    18:16:32.0528 4264 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    18:16:32.0528 4264 cdrom - ok
    18:16:32.0637 4264 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
    18:16:32.0637 4264 CeKbFilter - ok
    18:16:32.0746 4264 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    18:16:32.0746 4264 circlass - ok
    18:16:32.0840 4264 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    18:16:32.0855 4264 CLFS - ok
    18:16:32.0996 4264 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
    18:16:32.0996 4264 CmBatt - ok
    18:16:33.0074 4264 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    18:16:33.0074 4264 cmdide - ok
    18:16:33.0183 4264 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
    18:16:33.0199 4264 CNG - ok
    18:16:33.0308 4264 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    18:16:33.0308 4264 Compbatt - ok
    18:16:33.0401 4264 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
    18:16:33.0401 4264 CompositeBus - ok
    18:16:33.0495 4264 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    18:16:33.0495 4264 crcdisk - ok
    18:16:33.0635 4264 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    18:16:33.0635 4264 DfsC - ok
    18:16:33.0760 4264 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    18:16:33.0760 4264 discache - ok
    18:16:33.0885 4264 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    18:16:33.0885 4264 Disk - ok
    18:16:34.0010 4264 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    18:16:34.0010 4264 drmkaud - ok
    18:16:34.0119 4264 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    18:16:34.0135 4264 DXGKrnl - ok
    18:16:34.0291 4264 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    18:16:34.0400 4264 ebdrv - ok
    18:16:34.0556 4264 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    18:16:34.0556 4264 elxstor - ok
    18:16:34.0649 4264 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    18:16:34.0665 4264 ErrDev - ok
    18:16:34.0774 4264 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    18:16:34.0774 4264 exfat - ok
    18:16:34.0868 4264 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    18:16:34.0868 4264 fastfat - ok
    18:16:34.0977 4264 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    18:16:34.0977 4264 fdc - ok
    18:16:35.0117 4264 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    18:16:35.0133 4264 FileInfo - ok
    18:16:35.0227 4264 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    18:16:35.0227 4264 Filetrace - ok
    18:16:35.0320 4264 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    18:16:35.0320 4264 flpydisk - ok
    18:16:35.0414 4264 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    18:16:35.0429 4264 FltMgr - ok
    18:16:35.0523 4264 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    18:16:35.0523 4264 FsDepends - ok
    18:16:35.0617 4264 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
    18:16:35.0617 4264 Fs_Rec - ok
    18:16:35.0710 4264 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    18:16:35.0710 4264 fvevol - ok
    18:16:35.0819 4264 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    18:16:35.0819 4264 gagp30kx - ok
    18:16:35.0944 4264 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    18:16:35.0944 4264 hcw85cir - ok
    18:16:36.0038 4264 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    18:16:36.0053 4264 HdAudAddService - ok
    18:16:36.0147 4264 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
    18:16:36.0147 4264 HDAudBus - ok
    18:16:36.0256 4264 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    18:16:36.0256 4264 HidBatt - ok
    18:16:36.0350 4264 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    18:16:36.0350 4264 HidBth - ok
    18:16:36.0459 4264 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    18:16:36.0475 4264 HidIr - ok
    18:16:36.0584 4264 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    18:16:36.0584 4264 HidUsb - ok
    18:16:36.0709 4264 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    18:16:36.0709 4264 HpSAMD - ok
    18:16:36.0818 4264 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    18:16:36.0833 4264 HTTP - ok
    18:16:36.0943 4264 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    18:16:36.0943 4264 hwpolicy - ok
    18:16:37.0036 4264 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
    18:16:37.0036 4264 i8042prt - ok
    18:16:37.0161 4264 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    18:16:37.0161 4264 iaStorV - ok
    18:16:37.0286 4264 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    18:16:37.0286 4264 iirsp - ok
    18:16:37.0457 4264 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\windows\system32\drivers\RTKVHD64.sys
    18:16:37.0473 4264 IntcAzAudAddService - ok
    18:16:37.0582 4264 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    18:16:37.0582 4264 intelide - ok
    18:16:37.0676 4264 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
    18:16:37.0676 4264 intelppm - ok
    18:16:37.0785 4264 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    18:16:37.0785 4264 IpFilterDriver - ok
    18:16:37.0894 4264 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    18:16:37.0894 4264 IPMIDRV - ok
    18:16:38.0003 4264 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    18:16:38.0003 4264 IPNAT - ok
    18:16:38.0113 4264 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    18:16:38.0113 4264 IRENUM - ok
    18:16:38.0222 4264 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    18:16:38.0237 4264 isapnp - ok
    18:16:38.0347 4264 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    18:16:38.0362 4264 iScsiPrt - ok
    18:16:38.0456 4264 JMCR (25d602ae635a0443458fbed1a8b6e4e9) C:\windows\system32\DRIVERS\jmcr.sys
    18:16:38.0471 4264 JMCR - ok
    18:16:38.0581 4264 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
    18:16:38.0581 4264 kbdclass - ok
    18:16:38.0674 4264 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    18:16:38.0674 4264 kbdhid - ok
    18:16:38.0783 4264 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
    18:16:38.0783 4264 KSecDD - ok
    18:16:38.0893 4264 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
    18:16:38.0893 4264 KSecPkg - ok
    18:16:39.0002 4264 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    18:16:39.0002 4264 ksthunk - ok
    18:16:39.0127 4264 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    18:16:39.0142 4264 lltdio - ok
    18:16:39.0251 4264 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys
    18:16:39.0251 4264 LPCFilter - ok
    18:16:39.0361 4264 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    18:16:39.0361 4264 LSI_FC - ok
    18:16:39.0470 4264 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    18:16:39.0470 4264 LSI_SAS - ok
    18:16:39.0579 4264 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    18:16:39.0579 4264 LSI_SAS2 - ok
    18:16:39.0704 4264 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    18:16:39.0704 4264 LSI_SCSI - ok
    18:16:39.0813 4264 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    18:16:39.0813 4264 luafv - ok
    18:16:39.0953 4264 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
    18:16:39.0953 4264 MBAMProtector - ok
    18:16:40.0063 4264 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    18:16:40.0063 4264 megasas - ok
    18:16:40.0187 4264 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    18:16:40.0187 4264 MegaSR - ok
    18:16:40.0312 4264 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    18:16:40.0328 4264 Modem - ok
    18:16:40.0421 4264 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    18:16:40.0421 4264 monitor - ok
    18:16:40.0577 4264 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
    18:16:40.0577 4264 mouclass - ok
    18:16:40.0687 4264 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    18:16:40.0687 4264 mouhid - ok
    18:16:40.0780 4264 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    18:16:40.0780 4264 mountmgr - ok
    18:16:40.0889 4264 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
    18:16:40.0889 4264 MpFilter - ok
    18:16:40.0983 4264 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    18:16:40.0983 4264 mpio - ok
    18:16:41.0092 4264 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
    18:16:41.0092 4264 MpNWMon - ok
    18:16:41.0357 4264 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    18:16:41.0373 4264 mpsdrv - ok
    18:16:41.0482 4264 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    18:16:41.0482 4264 MRxDAV - ok
    18:16:41.0576 4264 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    18:16:41.0576 4264 mrxsmb - ok
    18:16:41.0669 4264 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    18:16:41.0685 4264 mrxsmb10 - ok
    18:16:41.0779 4264 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    18:16:41.0779 4264 mrxsmb20 - ok
    18:16:41.0872 4264 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
    18:16:41.0872 4264 msahci - ok
    18:16:41.0966 4264 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    18:16:41.0966 4264 msdsm - ok
    18:16:42.0091 4264 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    18:16:42.0091 4264 Msfs - ok
    18:16:42.0184 4264 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    18:16:42.0184 4264 mshidkmdf - ok
    18:16:42.0262 4264 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    18:16:42.0262 4264 msisadrv - ok
    18:16:42.0387 4264 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    18:16:42.0387 4264 MSKSSRV - ok
    18:16:42.0496 4264 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    18:16:42.0512 4264 MSPCLOCK - ok
    18:16:42.0605 4264 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    18:16:42.0605 4264 MSPQM - ok
    18:16:42.0715 4264 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    18:16:42.0730 4264 MsRPC - ok
    18:16:42.0824 4264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
    18:16:42.0824 4264 mssmbios - ok
    18:16:42.0917 4264 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    18:16:42.0917 4264 MSTEE - ok
    18:16:43.0027 4264 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    18:16:43.0027 4264 MTConfig - ok
    18:16:43.0136 4264 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    18:16:43.0136 4264 Mup - ok
    18:16:43.0276 4264 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    18:16:43.0276 4264 NativeWifiP - ok
    18:16:43.0417 4264 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
    18:16:43.0432 4264 NDIS - ok
    18:16:43.0541 4264 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    18:16:43.0541 4264 NdisCap - ok
    18:16:43.0651 4264 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    18:16:43.0651 4264 NdisTapi - ok
    18:16:43.0744 4264 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    18:16:43.0744 4264 Ndisuio - ok
    18:16:43.0838 4264 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    18:16:43.0853 4264 NdisWan - ok
    18:16:43.0947 4264 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    18:16:43.0947 4264 NDProxy - ok
    18:16:44.0041 4264 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    18:16:44.0041 4264 NetBIOS - ok
    18:16:44.0134 4264 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    18:16:44.0150 4264 NetBT - ok
    18:16:44.0275 4264 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    18:16:44.0275 4264 nfrd960 - ok
    18:16:44.0368 4264 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
    18:16:44.0368 4264 NisDrv - ok
    18:16:44.0493 4264 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    18:16:44.0493 4264 Npfs - ok
    18:16:44.0587 4264 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    18:16:44.0587 4264 nsiproxy - ok
    18:16:44.0727 4264 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    18:16:44.0758 4264 Ntfs - ok
    18:16:44.0836 4264 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    18:16:44.0852 4264 Null - ok
    18:16:44.0945 4264 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    18:16:44.0945 4264 nvraid - ok
    18:16:45.0039 4264 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    18:16:45.0039 4264 nvstor - ok
    18:16:45.0133 4264 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    18:16:45.0133 4264 nv_agp - ok
    18:16:45.0242 4264 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    18:16:45.0242 4264 ohci1394 - ok
    18:16:45.0367 4264 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    18:16:45.0367 4264 Parport - ok
    18:16:45.0476 4264 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
    18:16:45.0476 4264 partmgr - ok
    18:16:45.0585 4264 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    18:16:45.0585 4264 pci - ok
    18:16:45.0679 4264 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    18:16:45.0679 4264 pciide - ok
    18:16:45.0772 4264 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    18:16:45.0772 4264 pcmcia - ok
    18:16:45.0866 4264 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    18:16:45.0866 4264 pcw - ok
    18:16:45.0975 4264 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    18:16:45.0975 4264 PEAUTH - ok
    18:16:46.0100 4264 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
    18:16:46.0100 4264 PGEffect - ok
    18:16:46.0256 4264 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    18:16:46.0256 4264 PptpMiniport - ok
    18:16:46.0349 4264 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    18:16:46.0349 4264 Processor - ok
    18:16:46.0490 4264 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    18:16:46.0490 4264 Psched - ok
    18:16:46.0630 4264 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    18:16:46.0661 4264 ql2300 - ok
    18:16:46.0755 4264 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    18:16:46.0771 4264 ql40xx - ok
    18:16:46.0880 4264 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    18:16:46.0880 4264 QWAVEdrv - ok
    18:16:46.0973 4264 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    18:16:46.0973 4264 RasAcd - ok
    18:16:47.0083 4264 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    18:16:47.0083 4264 RasAgileVpn - ok
    18:16:47.0192 4264 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    18:16:47.0192 4264 Rasl2tp - ok
    18:16:47.0301 4264 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    18:16:47.0317 4264 RasPppoe - ok
    18:16:47.0410 4264 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    18:16:47.0410 4264 RasSstp - ok
    18:16:47.0504 4264 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    18:16:47.0519 4264 rdbss - ok
    18:16:47.0597 4264 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    18:16:47.0597 4264 rdpbus - ok
    18:16:47.0691 4264 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    18:16:47.0691 4264 RDPCDD - ok
    18:16:47.0816 4264 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    18:16:47.0816 4264 RDPENCDD - ok
    18:16:47.0925 4264 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    18:16:47.0925 4264 RDPREFMP - ok
    18:16:48.0019 4264 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
    18:16:48.0019 4264 RDPWD - ok
    18:16:48.0128 4264 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    18:16:48.0128 4264 rdyboost - ok
    18:16:48.0268 4264 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    18:16:48.0268 4264 rspndr - ok
    18:16:48.0377 4264 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
    18:16:48.0393 4264 RTL8167 - ok
    18:16:48.0487 4264 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    18:16:48.0487 4264 sbp2port - ok
    18:16:48.0596 4264 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    18:16:48.0596 4264 scfilter - ok
    18:16:48.0705 4264 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
    18:16:48.0705 4264 sdbus - ok
    18:16:48.0830 4264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    18:16:48.0830 4264 secdrv - ok
    18:16:48.0939 4264 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    18:16:48.0939 4264 Serenum - ok
    18:16:49.0033 4264 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    18:16:49.0033 4264 Serial - ok
    18:16:49.0126 4264 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    18:16:49.0142 4264 sermouse - ok
    18:16:49.0251 4264 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    18:16:49.0251 4264 sffdisk - ok
    18:16:49.0345 4264 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    18:16:49.0345 4264 sffp_mmc - ok
    18:16:49.0454 4264 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    18:16:49.0454 4264 sffp_sd - ok
    18:16:49.0547 4264 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    18:16:49.0547 4264 sfloppy - ok
    18:16:49.0672 4264 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    18:16:49.0672 4264 SiSRaid2 - ok
    18:16:49.0766 4264 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    18:16:49.0781 4264 SiSRaid4 - ok
    18:16:49.0891 4264 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    18:16:49.0891 4264 Smb - ok
    18:16:50.0015 4264 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    18:16:50.0015 4264 spldr - ok
    18:16:50.0140 4264 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    18:16:50.0140 4264 srv - ok
    18:16:50.0234 4264 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    18:16:50.0249 4264 srv2 - ok
    18:16:50.0359 4264 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    18:16:50.0359 4264 srvnet - ok
    18:16:50.0483 4264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    18:16:50.0483 4264 stexstor - ok
    18:16:50.0608 4264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
    18:16:50.0608 4264 swenum - ok
    18:16:50.0749 4264 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
    18:16:50.0780 4264 SynTP - ok
    18:16:50.0920 4264 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
    18:16:50.0936 4264 Tcpip - ok
    18:16:51.0076 4264 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
    18:16:51.0092 4264 TCPIP6 - ok
    18:16:51.0185 4264 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    18:16:51.0185 4264 tcpipreg - ok
    18:16:51.0279 4264 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    18:16:51.0295 4264 tdcmdpst - ok
    18:16:51.0388 4264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    18:16:51.0388 4264 TDPIPE - ok
    18:16:51.0482 4264 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
    18:16:51.0482 4264 TDTCP - ok
    18:16:51.0591 4264 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    18:16:51.0591 4264 tdx - ok
    18:16:51.0700 4264 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
    18:16:51.0700 4264 TermDD - ok
    18:16:51.0856 4264 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys
    18:16:51.0856 4264 Thpdrv - ok
    18:16:51.0950 4264 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
    18:16:51.0950 4264 Thpevm - ok
    18:16:52.0075 4264 Tosrfcom - ok
    18:16:52.0168 4264 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
    18:16:52.0168 4264 tosrfec - ok
    18:16:52.0277 4264 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
    18:16:52.0277 4264 Tosrfusb - ok
    18:16:52.0387 4264 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    18:16:52.0402 4264 tos_sps64 - ok
    18:16:52.0527 4264 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\windows\system32\drivers\truecrypt.sys
    18:16:52.0527 4264 truecrypt - ok
    18:16:52.0652 4264 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    18:16:52.0652 4264 tssecsrv - ok
    18:16:52.0745 4264 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    18:16:52.0745 4264 TsUsbFlt - ok
    18:16:52.0855 4264 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    18:16:52.0855 4264 TsUsbGD - ok
    18:16:52.0964 4264 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    18:16:52.0964 4264 tunnel - ok
    18:16:53.0073 4264 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    18:16:53.0073 4264 TVALZ - ok
    18:16:53.0167 4264 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
    18:16:53.0167 4264 TVALZFL - ok
    18:16:53.0260 4264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    18:16:53.0260 4264 uagp35 - ok
    18:16:53.0369 4264 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    18:16:53.0369 4264 udfs - ok
    18:16:53.0479 4264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    18:16:53.0479 4264 uliagpkx - ok
    18:16:53.0588 4264 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    18:16:53.0588 4264 umbus - ok
    18:16:53.0681 4264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    18:16:53.0681 4264 UmPass - ok
    18:16:53.0775 4264 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    18:16:53.0775 4264 usbccgp - ok
    18:16:53.0884 4264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    18:16:53.0884 4264 usbcir - ok
    18:16:53.0993 4264 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    18:16:53.0993 4264 usbehci - ok
    18:16:54.0087 4264 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    18:16:54.0103 4264 usbhub - ok
    18:16:54.0181 4264 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
    18:16:54.0181 4264 usbohci - ok
    18:16:54.0290 4264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    18:16:54.0290 4264 usbprint - ok
    18:16:54.0383 4264 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    18:16:54.0383 4264 USBSTOR - ok
    18:16:54.0477 4264 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    18:16:54.0477 4264 usbuhci - ok
    18:16:54.0602 4264 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    18:16:54.0602 4264 usbvideo - ok
    18:16:54.0758 4264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    18:16:54.0758 4264 vdrvroot - ok
    18:16:54.0867 4264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    18:16:54.0883 4264 vga - ok
    18:16:54.0961 4264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    18:16:54.0961 4264 VgaSave - ok
    18:16:54.0992 4264 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    18:16:54.0992 4264 vhdmp - ok
    18:16:55.0085 4264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    18:16:55.0085 4264 viaide - ok
    18:16:55.0195 4264 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    18:16:55.0195 4264 volmgr - ok
    18:16:55.0304 4264 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    18:16:55.0319 4264 volmgrx - ok
    18:16:55.0429 4264 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
    18:16:55.0429 4264 volsnap - ok
    18:16:55.0553 4264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    18:16:55.0553 4264 vsmraid - ok
    18:16:55.0647 4264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    18:16:55.0647 4264 vwifibus - ok
    18:16:55.0756 4264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    18:16:55.0756 4264 vwififlt - ok
    18:16:55.0850 4264 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    18:16:55.0850 4264 vwifimp - ok
    18:16:55.0975 4264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    18:16:55.0975 4264 WacomPen - ok
    18:16:56.0084 4264 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    18:16:56.0084 4264 WANARP - ok
    18:16:56.0099 4264 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    18:16:56.0099 4264 Wanarpv6 - ok
    18:16:56.0271 4264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    18:16:56.0271 4264 Wd - ok
    18:16:56.0380 4264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    18:16:56.0396 4264 Wdf01000 - ok
    18:16:56.0536 4264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    18:16:56.0536 4264 WfpLwf - ok
    18:16:56.0630 4264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    18:16:56.0630 4264 WIMMount - ok
    18:16:56.0786 4264 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
    18:16:56.0786 4264 WinUsb - ok
    18:16:56.0926 4264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
    18:16:56.0926 4264 WmiAcpi - ok
    18:16:57.0051 4264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    18:16:57.0067 4264 ws2ifsl - ok
    18:16:57.0176 4264 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    18:16:57.0176 4264 WudfPf - ok
    18:16:57.0269 4264 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    18:16:57.0285 4264 WUDFRd - ok
    18:16:57.0347 4264 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    18:16:57.0410 4264 \Device\Harddisk0\DR0 - ok
    18:16:57.0425 4264 Boot (0x1200) (08c19ffdf8a81ada453bb02a66afe032) \Device\Harddisk0\DR0\Partition0
    18:16:57.0441 4264 \Device\Harddisk0\DR0\Partition0 - ok
    18:16:57.0441 4264 ============================================================
    18:16:57.0441 4264 Scan finished
    18:16:57.0441 4264 ============================================================
    18:16:57.0457 4792 Detected object count: 0
    18:16:57.0457 4792 Actual detected object count: 0
     
  10. DSG3002

    DSG3002 TS Rookie Topic Starter

    FRST.txt:

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.1
    Ran by Zack at 2011-12-30 18:21:15
    Running from C:\Users\Zack\Desktop
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-30 18:20 - 2011-12-30 18:20 - 1377537 ____A C:\Users\Zack\Desktop\FRST64.exe
    2011-12-30 18:15 - 2011-12-30 18:20 - 0078460 ____A C:\TDSSKiller.2.6.25.0_30.12.2011_18.15.46_log.txt
    2011-12-30 18:14 - 2011-12-30 18:14 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
    2011-12-30 17:55 - 2011-12-30 17:55 - 0002150 ____A C:\Users\Zack\Desktop\aswMBR2.txt
    2011-12-30 17:39 - 2011-12-30 17:39 - 0019184 ____A C:\ComboFix.txt
    2011-12-30 17:34 - 2011-12-30 17:34 - 0000000 ____D C:\$RECYCLE.BIN
    2011-12-30 15:48 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-12-30 15:48 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-12-30 15:48 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-12-30 15:48 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-12-30 15:48 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-12-30 15:48 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
    2011-12-30 15:48 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
    2011-12-30 15:48 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
    2011-12-30 15:47 - 2011-12-30 17:39 - 0000000 ____D C:\Qoobox
    2011-12-30 15:47 - 2011-12-30 16:21 - 0000000 ____D C:\Windows\ERDNT
    2011-12-30 15:38 - 2011-12-30 15:38 - 4358014 ____R (Swearware) C:\Users\Zack\Desktop\ComboFix.exe
    2011-12-30 15:37 - 2011-12-30 17:55 - 0000512 ____A C:\Users\Zack\Desktop\MBR.dat
    2011-12-30 15:37 - 2011-12-30 15:37 - 0002149 ____A C:\Users\Zack\Desktop\aswMBR.txt
    2011-12-30 14:41 - 2011-12-30 14:41 - 4702720 ____A (AVAST Software) C:\Users\Zack\Desktop\aswMBR.exe
    2011-12-30 07:23 - 2011-12-30 07:23 - 0041574 ____A C:\Users\Zack\Desktop\weird.PNG
    2011-12-30 06:54 - 2011-12-30 06:54 - 0000984 ____A C:\Users\Zack\Desktop\gmer.log
    2011-12-30 06:01 - 2011-12-30 06:01 - 0004284 ____A C:\Users\Zack\Desktop\mbam.txt
    2011-12-30 06:01 - 2011-12-30 06:01 - 0001426 ____A C:\Users\Zack\Desktop\help.txt
    2011-12-30 05:59 - 2011-12-30 05:59 - 0302592 ____A C:\Users\Zack\Downloads\dxwzl836.exe
    2011-12-30 01:41 - 2011-12-30 17:34 - 0001772 ____A C:\Windows\PFRO.log
    2011-12-30 01:33 - 2011-12-18 18:39 - 0000851 ____A C:\Users\Public\Desktop\Speccy.lnk
    2011-12-30 01:33 - 2011-09-28 09:15 - 0002079 ____A C:\Users\Public\Desktop\Cisco NAC Agent.lnk
    2011-12-30 01:33 - 2009-07-13 20:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
    2011-12-30 01:25 - 2011-12-30 01:25 - 0684297 ____A C:\Users\Zack\Downloads\unhide.exe
    2011-12-29 23:40 - 2011-12-29 23:40 - 0046836 ____A C:\Users\Zack\Desktop\winter2012_finalsched.PNG
    2011-12-27 14:17 - 2011-12-27 14:17 - 0082944 ____A C:\Users\Zack\Downloads\KINE255Syllabus1201.doc
    2011-12-26 05:17 - 2011-12-26 05:17 - 0000000 ____D C:\Users\Zack\Downloads\Candice Swanepoel (Lingerie Shoot) - Maglor1212
    2011-12-26 05:06 - 2011-12-29 05:53 - 0000000 ____D C:\Users\Zack\Downloads\Candice Swanepoel
    2011-12-26 05:04 - 2011-12-29 05:07 - 71106220 ____A C:\Users\Zack\Downloads\cswanepoelbootyshorts.rar
    2011-12-26 03:06 - 2011-12-26 03:06 - 0059415 ____A C:\Users\Zack\Desktop\winter2012_wlistfinal_sched.PNG
    2011-12-25 02:03 - 2011-12-25 02:03 - 0064194 ____A C:\Users\Zack\Downloads\metallica_bleeding_me.gp4
    2011-12-21 03:26 - 2011-12-21 03:26 - 18014252 ____A C:\Users\Zack\Downloads\blackmetal_01.wav
    2011-12-21 03:26 - 2011-12-21 03:26 - 0006138 ____A C:\Users\Zack\Downloads\blackmetal_01.aup
    2011-12-21 03:26 - 2011-12-21 03:26 - 0000000 ____D C:\Users\Zack\Downloads\blackmetal_01_data
    2011-12-21 03:00 - 2011-12-21 03:00 - 0102161 ____A C:\Users\Zack\Downloads\behemoth_horns_ov_baphomet.gp4
    2011-12-21 00:10 - 2011-12-21 00:10 - 0136126 ____A C:\Users\Zack\Downloads\nile_annihilation_of_the_wicked.gp5
    2011-12-20 03:15 - 2011-12-27 05:13 - 0000000 ____D C:\Users\Zack\Downloads\VS_Fashion_Show_2011_1080i_HD
    2011-12-20 03:15 - 2011-12-20 03:15 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Media Player Classic
    2011-12-20 03:15 - 2011-12-20 03:15 - 0000000 ____D C:\Program Files\Media Player Classic - Home Cinema
    2011-12-19 05:10 - 2011-12-26 05:19 - 0000000 ____D C:\Users\Zack\AppData\Roaming\vlc
    2011-12-19 05:09 - 2011-12-19 05:09 - 0000000 ____D C:\Program Files (x86)\VideoLAN
    2011-12-18 03:53 - 2009-03-16 14:18 - 0521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2011-12-18 03:53 - 2009-03-16 14:18 - 0022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2011-12-18 03:53 - 2009-03-09 15:27 - 5425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2011-12-18 03:53 - 2009-03-09 15:27 - 4178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2011-12-18 03:53 - 2008-05-30 14:19 - 0507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2011-12-18 03:53 - 2008-05-30 14:18 - 0238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2011-12-18 03:53 - 2008-05-30 14:17 - 0065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2011-12-18 03:53 - 2008-05-30 14:17 - 0025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2011-12-18 03:53 - 2008-05-30 14:11 - 3850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2011-12-17 14:40 - 2011-12-17 14:40 - 0057278 ____A C:\Users\Zack\Downloads\machine_head_i_am_hell_sonata_in_c-sharp.gp4
    2011-12-17 14:21 - 2011-12-17 14:21 - 0248434 ____A C:\Users\Zack\Downloads\avenged_sevenfold_mia.gp5
    2011-12-17 13:48 - 2011-12-17 13:48 - 0077222 ____A C:\Users\Zack\Downloads\avenged_sevenfold_so_far_away.gp5
    2011-12-16 17:04 - 2011-12-16 17:04 - 0000132 ____A C:\Users\Zack\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2011-12-16 15:39 - 2011-12-16 15:39 - 0000000 ____D C:\Users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-12-16 15:39 - 2011-12-16 15:39 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    2011-12-16 15:33 - 2011-12-19 21:29 - 0180761 ____A C:\Users\Zack\Desktop\cpe4yr_physmin_flowchart.PNG
    2011-12-16 03:11 - 2011-12-16 03:14 - 2147483648 ____A C:\Users\Zack\Documents\truecryptvol_v2
    2011-12-15 15:02 - 2011-12-15 15:02 - 0156348 ____A C:\Users\Zack\Downloads\metallica_rebel_of_babylon.gp5
    2011-12-14 14:11 - 2011-11-23 20:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-14 14:11 - 2011-11-10 22:49 - 12261888 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-14 14:11 - 2011-11-10 22:49 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-14 14:11 - 2011-11-10 21:40 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-14 14:11 - 2011-11-10 21:40 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-14 14:11 - 2011-11-04 21:41 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-14 14:11 - 2011-11-04 21:41 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-14 14:11 - 2011-11-04 21:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-14 14:11 - 2011-11-04 21:38 - 9018880 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-14 14:11 - 2011-11-04 21:38 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-12-14 14:11 - 2011-11-04 21:38 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-14 14:11 - 2011-11-04 21:37 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-14 14:11 - 2011-11-04 21:37 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-14 14:11 - 2011-11-04 21:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-14 14:11 - 2011-11-04 20:35 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-14 14:11 - 2011-11-04 20:34 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-14 14:11 - 2011-11-04 20:34 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-14 14:11 - 2011-11-04 20:31 - 5997056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-14 14:11 - 2011-11-04 20:31 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-12-14 14:11 - 2011-11-04 20:31 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-14 14:11 - 2011-11-04 20:30 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-14 14:11 - 2011-11-04 20:30 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-14 14:11 - 2011-11-04 20:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-14 14:11 - 2011-11-04 19:32 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-14 14:11 - 2011-11-04 18:48 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-14 14:11 - 2011-10-25 21:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-14 14:11 - 2011-10-14 22:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-14 14:11 - 2011-10-14 21:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-12-13 12:45 - 2011-12-13 12:45 - 0173706 ____A C:\Users\Zack\Downloads\metallica_hate_train.gp5
    2011-12-13 12:45 - 2011-12-13 12:45 - 0097431 ____A C:\Users\Zack\Downloads\metallica_just_a_bullet_away.gp5
    2011-12-10 13:05 - 2011-12-10 13:05 - 0000000 ____D C:\Users\Zack\AppData\Local\uTorrent
    2011-12-10 13:05 - 2011-12-10 13:05 - 0000000 ____D C:\Program Files (x86)\uTorrent
    2011-12-10 11:57 - 2011-12-10 11:58 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Bioshock
    2011-12-10 11:57 - 2007-05-16 16:45 - 4496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2011-12-10 11:57 - 2007-05-16 16:45 - 3497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2011-12-10 11:57 - 2007-05-16 16:45 - 1401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2011-12-10 11:57 - 2007-05-16 16:45 - 1124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2011-12-10 11:57 - 2007-05-16 16:45 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2011-12-10 11:57 - 2007-05-16 16:45 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2011-12-10 11:57 - 2007-04-04 18:54 - 0107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2011-12-10 11:57 - 2007-04-04 18:53 - 0081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2011-12-10 11:56 - 2007-04-04 18:55 - 0403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2011-12-10 11:56 - 2007-04-04 18:55 - 0261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2011-12-10 11:56 - 2007-03-15 16:57 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2011-12-10 11:56 - 2007-03-15 16:57 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2011-12-10 11:56 - 2007-03-12 16:42 - 4494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2011-12-10 11:56 - 2007-03-12 16:42 - 3495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2011-12-10 11:56 - 2007-03-12 16:42 - 1400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2011-12-10 11:56 - 2007-03-12 16:42 - 1123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2011-12-10 11:56 - 2007-03-05 12:42 - 0017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2011-12-10 11:56 - 2007-03-05 12:42 - 0015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2011-12-10 11:56 - 2007-01-24 15:27 - 0393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2011-12-10 11:56 - 2007-01-24 15:27 - 0255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2011-12-10 11:56 - 2006-12-08 12:02 - 0251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2011-12-10 11:56 - 2006-12-08 12:00 - 0390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2011-12-10 11:56 - 2006-11-29 13:06 - 4398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2011-12-10 11:56 - 2006-11-29 13:06 - 3426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2011-12-10 11:56 - 2006-11-29 13:06 - 0469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2011-12-10 11:56 - 2006-11-29 13:06 - 0440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2011-12-10 11:56 - 2006-09-28 16:05 - 3977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2011-12-10 11:56 - 2006-09-28 16:05 - 2414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2011-12-10 11:56 - 2006-09-28 16:05 - 0237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2011-12-10 11:56 - 2006-09-28 16:04 - 0364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2011-12-10 11:56 - 2006-07-28 09:31 - 0083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2011-12-10 11:56 - 2006-07-28 09:30 - 0363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2011-12-10 11:56 - 2006-07-28 09:30 - 0236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2011-12-10 11:56 - 2006-07-28 09:30 - 0062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2011-12-10 11:56 - 2006-05-31 07:24 - 0230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2011-12-10 11:56 - 2006-05-31 07:22 - 0354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2011-12-10 11:56 - 2006-03-31 12:41 - 3927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2011-12-10 11:56 - 2006-03-31 12:40 - 2388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2011-12-10 11:56 - 2006-03-31 12:40 - 0352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2011-12-10 11:56 - 2006-03-31 12:39 - 0229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2011-12-10 11:56 - 2006-03-31 12:39 - 0083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2011-12-10 11:56 - 2006-03-31 12:39 - 0062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2011-12-10 11:56 - 2006-02-03 08:43 - 3830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2011-12-10 11:56 - 2006-02-03 08:43 - 2332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2011-12-10 11:56 - 2006-02-03 08:42 - 0355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2011-12-10 11:56 - 2006-02-03 08:42 - 0230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2011-12-10 11:56 - 2006-02-03 08:41 - 0016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2011-12-10 11:56 - 2006-02-03 08:41 - 0014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2011-12-10 11:56 - 2005-12-05 18:09 - 3815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2011-12-10 11:56 - 2005-12-05 18:09 - 2323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2011-12-10 11:56 - 2005-07-22 19:59 - 3807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2011-12-10 11:56 - 2005-07-22 19:59 - 2319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2011-12-10 11:56 - 2005-05-26 15:34 - 3767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2011-12-10 11:56 - 2005-05-26 15:34 - 2297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2011-12-10 11:56 - 2005-03-18 17:19 - 3823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2011-12-10 11:56 - 2005-03-18 17:19 - 2337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2011-12-10 11:56 - 2005-02-05 19:45 - 3544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2011-12-10 11:56 - 2005-02-05 19:45 - 2222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2011-12-10 11:55 - 2011-12-18 03:53 - 0185837 ____A C:\Windows\DirectX.log
    2011-12-10 01:35 - 2011-12-11 02:50 - 0000003 ____A C:\Users\Zack\nugsCount.txt
    2011-12-05 09:49 - 2011-12-05 09:49 - 0016085 ____A C:\Users\Zack\Downloads\final-solutions.rkt
    2011-12-04 14:40 - 2011-12-04 14:40 - 0016848 ____A C:\Users\Zack\Downloads\final-questions(1).txt
    2011-12-02 11:35 - 2011-12-02 11:24 - 0003058 ____A C:\Users\Zack\Downloads\assignment3.bak
    2011-12-02 11:24 - 2011-12-02 11:35 - 0003010 ____A C:\Users\Zack\Downloads\assignment3.rkt
    2011-12-02 10:55 - 2011-12-02 10:55 - 0003570 ____A C:\Users\Zack\Downloads\stream-based-playback.rkt
    2011-12-01 13:36 - 2011-12-01 13:36 - 0000427 ____A C:\Users\Zack\Downloads\dingboard(1).rkt
    2011-12-01 12:27 - 2011-12-01 13:03 - 0000000 ____D C:\Users\Zack\Downloads\cpe123finalproject


    ============ 3 Months Modified Files and Folders =============

    2011-12-30 18:21 - 2011-12-30 18:21 - 0000000 ____D C:\FRST
    2011-12-30 18:20 - 2011-12-30 18:20 - 1377537 ____A C:\Users\Zack\Desktop\FRST64.exe
    2011-12-30 18:20 - 2011-12-30 18:15 - 0078460 ____A C:\TDSSKiller.2.6.25.0_30.12.2011_18.15.46_log.txt
    2011-12-30 18:14 - 2011-12-30 18:14 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
    2011-12-30 17:55 - 2011-12-30 17:55 - 0002150 ____A C:\Users\Zack\Desktop\aswMBR2.txt
    2011-12-30 17:55 - 2011-12-30 15:37 - 0000512 ____A C:\Users\Zack\Desktop\MBR.dat
    2011-12-30 17:44 - 2011-06-13 17:38 - 1905662 ____A C:\Windows\WindowsUpdate.log
    2011-12-30 17:43 - 2009-07-13 20:45 - 0025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-30 17:43 - 2009-07-13 20:45 - 0025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-30 17:39 - 2011-12-30 17:39 - 0019184 ____A C:\ComboFix.txt
    2011-12-30 17:39 - 2011-12-30 15:47 - 0000000 ____D C:\Qoobox
    2011-12-30 17:34 - 2011-12-30 17:34 - 0000000 ____D C:\$RECYCLE.BIN
    2011-12-30 17:34 - 2011-12-30 01:41 - 0001772 ____A C:\Windows\PFRO.log
    2011-12-30 17:34 - 2011-11-07 15:06 - 0001802 ____A C:\Windows\setupact.log
    2011-12-30 17:34 - 2011-06-13 17:31 - 115871744 __ASH C:\hiberfil.sys
    2011-12-30 17:34 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-30 17:34 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
    2011-12-30 17:34 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-12-30 16:27 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
    2011-12-30 16:27 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
    2011-12-30 16:21 - 2011-12-30 15:47 - 0000000 ____D C:\Windows\ERDNT
    2011-12-30 15:38 - 2011-12-30 15:38 - 4358014 ____R (Swearware) C:\Users\Zack\Desktop\ComboFix.exe
    2011-12-30 15:37 - 2011-12-30 15:37 - 0002149 ____A C:\Users\Zack\Desktop\aswMBR.txt
    2011-12-30 14:41 - 2011-12-30 14:41 - 4702720 ____A (AVAST Software) C:\Users\Zack\Desktop\aswMBR.exe
    2011-12-30 07:23 - 2011-12-30 07:23 - 0041574 ____A C:\Users\Zack\Desktop\weird.PNG
    2011-12-30 06:54 - 2011-12-30 06:54 - 0000984 ____A C:\Users\Zack\Desktop\gmer.log
    2011-12-30 06:01 - 2011-12-30 06:01 - 0004284 ____A C:\Users\Zack\Desktop\mbam.txt
    2011-12-30 06:01 - 2011-12-30 06:01 - 0001426 ____A C:\Users\Zack\Desktop\help.txt
    2011-12-30 05:59 - 2011-12-30 05:59 - 0302592 ____A C:\Users\Zack\Downloads\dxwzl836.exe
    2011-12-30 01:57 - 2011-08-30 14:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-30 01:25 - 2011-12-30 01:25 - 0684297 ____A C:\Users\Zack\Downloads\unhide.exe
    2011-12-29 23:40 - 2011-12-29 23:40 - 0046836 ____A C:\Users\Zack\Desktop\winter2012_finalsched.PNG
    2011-12-29 06:03 - 2011-10-05 00:57 - 0000000 ____D C:\Users\Zack\AppData\Roaming\uTorrent
    2011-12-29 05:53 - 2011-12-26 05:06 - 0000000 ____D C:\Users\Zack\Downloads\Candice Swanepoel
    2011-12-29 05:07 - 2011-12-26 05:04 - 71106220 ____A C:\Users\Zack\Downloads\cswanepoelbootyshorts.rar
    2011-12-27 14:17 - 2011-12-27 14:17 - 0082944 ____A C:\Users\Zack\Downloads\KINE255Syllabus1201.doc
    2011-12-27 05:13 - 2011-12-20 03:15 - 0000000 ____D C:\Users\Zack\Downloads\VS_Fashion_Show_2011_1080i_HD
    2011-12-26 15:11 - 2011-08-31 01:49 - 0000000 ____D C:\Program Files (x86)\Steam
    2011-12-26 05:19 - 2011-12-19 05:10 - 0000000 ____D C:\Users\Zack\AppData\Roaming\vlc
    2011-12-26 05:17 - 2011-12-26 05:17 - 0000000 ____D C:\Users\Zack\Downloads\Candice Swanepoel (Lingerie Shoot) - Maglor1212
    2011-12-26 03:06 - 2011-12-26 03:06 - 0059415 ____A C:\Users\Zack\Desktop\winter2012_wlistfinal_sched.PNG
    2011-12-25 02:03 - 2011-12-25 02:03 - 0064194 ____A C:\Users\Zack\Downloads\metallica_bleeding_me.gp4
    2011-12-24 14:10 - 2009-07-13 21:13 - 0729752 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-12-24 05:13 - 2011-09-10 02:04 - 0000000 ____D C:\Users\Zack\AppData\Roaming\foobar2000
    2011-12-21 03:26 - 2011-12-21 03:26 - 18014252 ____A C:\Users\Zack\Downloads\blackmetal_01.wav
    2011-12-21 03:26 - 2011-12-21 03:26 - 0006138 ____A C:\Users\Zack\Downloads\blackmetal_01.aup
    2011-12-21 03:26 - 2011-12-21 03:26 - 0000000 ____D C:\Users\Zack\Downloads\blackmetal_01_data
    2011-12-21 03:26 - 2011-09-30 15:29 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Audacity
    2011-12-21 03:00 - 2011-12-21 03:00 - 0102161 ____A C:\Users\Zack\Downloads\behemoth_horns_ov_baphomet.gp4
    2011-12-21 00:10 - 2011-12-21 00:10 - 0136126 ____A C:\Users\Zack\Downloads\nile_annihilation_of_the_wicked.gp5
    2011-12-20 03:15 - 2011-12-20 03:15 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Media Player Classic
    2011-12-20 03:15 - 2011-12-20 03:15 - 0000000 ____D C:\Program Files\Media Player Classic - Home Cinema
    2011-12-19 21:29 - 2011-12-16 15:33 - 0180761 ____A C:\Users\Zack\Desktop\cpe4yr_physmin_flowchart.PNG
    2011-12-19 05:09 - 2011-12-19 05:09 - 0000000 ____D C:\Program Files (x86)\VideoLAN
    2011-12-18 18:39 - 2011-12-30 01:33 - 0000851 ____A C:\Users\Public\Desktop\Speccy.lnk
    2011-12-18 18:38 - 2011-09-19 21:17 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Racket
    2011-12-18 05:24 - 2011-08-30 14:35 - 0000000 ____D C:\Program Files\Speccy
    2011-12-18 03:53 - 2011-12-10 11:55 - 0185837 ____A C:\Windows\DirectX.log
    2011-12-17 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
    2011-12-17 14:40 - 2011-12-17 14:40 - 0057278 ____A C:\Users\Zack\Downloads\machine_head_i_am_hell_sonata_in_c-sharp.gp4
    2011-12-17 14:21 - 2011-12-17 14:21 - 0248434 ____A C:\Users\Zack\Downloads\avenged_sevenfold_mia.gp5
    2011-12-17 13:48 - 2011-12-17 13:48 - 0077222 ____A C:\Users\Zack\Downloads\avenged_sevenfold_so_far_away.gp5
    2011-12-17 01:39 - 2011-08-30 17:47 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-17 01:39 - 2011-08-30 17:47 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-16 17:04 - 2011-12-16 17:04 - 0000132 ____A C:\Users\Zack\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2011-12-16 15:39 - 2011-12-16 15:39 - 0000000 ____D C:\Users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-12-16 15:39 - 2011-12-16 15:39 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    2011-12-16 03:14 - 2011-12-16 03:11 - 2147483648 ____A C:\Users\Zack\Documents\truecryptvol_v2
    2011-12-15 15:02 - 2011-12-15 15:02 - 0156348 ____A C:\Users\Zack\Downloads\metallica_rebel_of_babylon.gp5
    2011-12-15 13:45 - 2011-08-30 15:10 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-12-15 03:24 - 2009-07-13 20:45 - 4989864 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-15 03:03 - 2011-09-02 23:31 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-13 12:45 - 2011-12-13 12:45 - 0173706 ____A C:\Users\Zack\Downloads\metallica_hate_train.gp5
    2011-12-13 12:45 - 2011-12-13 12:45 - 0097431 ____A C:\Users\Zack\Downloads\metallica_just_a_bullet_away.gp5
    2011-12-12 05:28 - 2011-09-03 00:38 - 0000000 ____D C:\Users\Zack\AppData\Local\ElevatedDiagnostics
    2011-12-11 02:50 - 2011-12-10 01:35 - 0000003 ____A C:\Users\Zack\nugsCount.txt
    2011-12-11 02:50 - 2011-08-30 11:30 - 0000000 ____D C:\users\Zack
    2011-12-10 15:24 - 2011-08-30 14:32 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-10 13:05 - 2011-12-10 13:05 - 0000000 ____D C:\Users\Zack\AppData\Local\uTorrent
    2011-12-10 13:05 - 2011-12-10 13:05 - 0000000 ____D C:\Program Files (x86)\uTorrent
    2011-12-10 11:58 - 2011-12-10 11:57 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Bioshock
    2011-12-05 09:49 - 2011-12-05 09:49 - 0016085 ____A C:\Users\Zack\Downloads\final-solutions.rkt
    2011-12-04 14:40 - 2011-12-04 14:40 - 0016848 ____A C:\Users\Zack\Downloads\final-questions(1).txt
    2011-12-02 11:35 - 2011-12-02 11:24 - 0003010 ____A C:\Users\Zack\Downloads\assignment3.rkt
    2011-12-02 11:24 - 2011-12-02 11:35 - 0003058 ____A C:\Users\Zack\Downloads\assignment3.bak
    2011-12-02 10:55 - 2011-12-02 10:55 - 0003570 ____A C:\Users\Zack\Downloads\stream-based-playback.rkt
    2011-12-01 13:36 - 2011-12-01 13:36 - 0000427 ____A C:\Users\Zack\Downloads\dingboard(1).rkt
    2011-12-01 13:35 - 2011-11-29 16:08 - 0001424 ____A C:\Users\Zack\Downloads\dingboard.rkt
    2011-12-01 13:03 - 2011-12-01 12:27 - 0000000 ____D C:\Users\Zack\Downloads\cpe123finalproject
    2011-11-30 17:22 - 2011-11-29 16:56 - 0004378 ____A C:\Users\Zack\Downloads\final project.rkt
    2011-11-29 16:56 - 2011-11-29 17:17 - 0000855 ____A C:\Users\Zack\Downloads\final project.bak
    2011-11-29 16:15 - 2011-11-29 16:15 - 0016848 ____A C:\Users\Zack\Downloads\final-questions.txt
    2011-11-29 16:08 - 2011-11-29 16:16 - 0000427 ____A C:\Users\Zack\Downloads\dingboard.bak
    2011-11-27 01:10 - 2011-11-27 01:10 - 0894104 ____A C:\Users\Zack\Downloads\Fleshgod Apocalypse_ORACLES.pdf
    2011-11-25 17:36 - 2011-08-30 11:44 - 0000000 ____D C:\Program Files\CCleaner
    2011-11-25 17:35 - 2011-08-30 11:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-11-25 16:16 - 2011-11-24 12:28 - 0000000 ____D C:\Users\Zack\AppData\Local\CrashDumps
    2011-11-24 13:42 - 2011-09-11 21:39 - 0000000 ____D C:\Users\Zack\AppData\Roaming\.minecraft
    2011-11-24 13:27 - 2011-11-24 13:27 - 0016242 ____A C:\Users\Zack\Downloads\buckethead_who_me(2).gp5
    2011-11-24 13:26 - 2011-11-24 13:26 - 0005592 ____A C:\Users\Zack\Downloads\buckethead_who_me(1).gp5
    2011-11-24 13:24 - 2011-11-24 13:24 - 0019717 ____A C:\Users\Zack\Downloads\buckethead_who_me.gp5
    2011-11-24 12:37 - 2011-11-24 12:37 - 0000000 ____D C:\Users\All Users\Symantec
    2011-11-24 12:37 - 2011-11-24 12:37 - 0000000 ____D C:\ProgramData\Symantec
    2011-11-24 01:43 - 2011-11-24 01:43 - 4143616 ____A C:\Users\Zack\Downloads\LabManualV11.4_NOPHOTOS.doc
    2011-11-23 22:00 - 2011-11-23 18:09 - 0000000 ____D C:\Users\Zack\AppData\Local\Microsoft Games
    2011-11-23 21:25 - 2011-11-23 21:17 - 29438371 ____A C:\Users\Zack\Downloads\Calculus 6th Edition James Stewart.pdf
    2011-11-23 20:52 - 2011-12-14 14:11 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-23 19:16 - 2011-11-23 19:16 - 0000000 ____D C:\Users\All Users\Wild Tangent
    2011-11-23 19:16 - 2011-11-23 19:16 - 0000000 ____D C:\ProgramData\Wild Tangent
    2011-11-23 19:15 - 2011-06-13 18:06 - 0000000 ____D C:\Users\All Users\WildTangent
    2011-11-23 19:15 - 2011-06-13 18:06 - 0000000 ____D C:\ProgramData\WildTangent
    2011-11-11 20:45 - 2011-11-09 20:12 - 0000000 ____D C:\Users\Zack\Downloads\Re Tabs
    2011-11-11 15:27 - 2011-11-11 15:27 - 0000000 ____D C:\Users\Zack\Downloads\project
    2011-11-11 15:27 - 2011-11-11 15:26 - 0000000 ____D C:\Users\Zack\Downloads\Assignment 3
    2011-11-11 15:26 - 2011-11-11 15:26 - 0033210 ____A C:\Users\Zack\Downloads\Assignment 3.zip
    2011-11-11 15:25 - 2011-11-11 15:25 - 0001559 ____A C:\Users\Zack\Downloads\project.zip
    2011-11-11 15:10 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-10 22:49 - 2011-12-14 14:11 - 12261888 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-10 22:49 - 2011-12-14 14:11 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-10 21:40 - 2011-12-14 14:11 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-10 21:40 - 2011-12-14 14:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-11-09 20:01 - 2011-11-09 20:01 - 0000427 ____A C:\Users\Zack\Downloads\percussion.txt
    2011-11-09 19:57 - 2011-11-09 19:57 - 0000994 ____A C:\Users\Zack\Downloads\Assignment 3_percussion.rkt
    2011-11-09 19:54 - 2011-11-06 12:36 - 0000000 ____D C:\Users\Zack\Downloads\bach-tracker
    2011-11-07 15:06 - 2011-11-07 15:06 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-04 21:41 - 2011-12-14 14:11 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-04 21:41 - 2011-12-14 14:11 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-04 21:41 - 2011-12-14 14:11 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-04 21:38 - 2011-12-14 14:11 - 9018880 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-04 21:38 - 2011-12-14 14:11 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-11-04 21:38 - 2011-12-14 14:11 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-04 21:37 - 2011-12-14 14:11 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-04 21:37 - 2011-12-14 14:11 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-04 21:32 - 2011-12-14 14:11 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-04 20:35 - 2011-12-14 14:11 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-04 20:34 - 2011-12-14 14:11 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-04 20:34 - 2011-12-14 14:11 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-04 20:31 - 2011-12-14 14:11 - 5997056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-04 20:31 - 2011-12-14 14:11 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-11-04 20:31 - 2011-12-14 14:11 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-04 20:30 - 2011-12-14 14:11 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-04 20:30 - 2011-12-14 14:11 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-04 20:26 - 2011-12-14 14:11 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-04 19:32 - 2011-12-14 14:11 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-04 18:48 - 2011-12-14 14:11 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-04 14:43 - 2011-09-10 02:14 - 0000000 ____D C:\Users\Zack\Documents\CCleaner_Backups
    2011-11-02 13:18 - 2011-11-02 13:17 - 0000000 ____D C:\Users\Zack\AppData\Local\{8C966CFB-A09A-486D-80FC-8D0EFC052A34}
    2011-11-02 13:16 - 2011-11-02 13:16 - 0000000 ____D C:\Users\Zack\AppData\Local\{6292D796-D89E-4ED8-8D3E-23B624CF70B9}
    2011-11-02 13:07 - 2011-11-02 13:07 - 0000000 ____D C:\Users\Zack\AppData\Local\{AAEF97EA-1E91-45CD-8098-0805B88BA856}
    2011-11-02 13:07 - 2011-08-30 11:36 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Toshiba
    2011-10-30 20:51 - 2011-10-30 20:51 - 0000000 ____D C:\Users\Zack\AppData\Local\Tific
    2011-10-28 14:15 - 2011-10-28 14:15 - 0000000 ____D C:\Windows\System32\Macromed
    2011-10-28 14:14 - 2011-10-28 14:14 - 0000000 ____D C:\Users\All Users\McAfee
    2011-10-28 14:14 - 2011-10-28 14:14 - 0000000 ____D C:\ProgramData\McAfee
    2011-10-25 21:21 - 2011-12-14 14:11 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 15:13 - 2011-10-24 15:13 - 0026351 ____A C:\Users\Zack\Downloads\system_of_a_down_psycho.gp3
    2011-10-24 15:10 - 2011-10-24 15:10 - 0091074 ____A C:\Users\Zack\Downloads\system_of_a_down_chop_suey.gp5
    2011-10-24 15:09 - 2011-10-24 15:09 - 0068890 ____A C:\Users\Zack\Downloads\system_of_a_down_byob.gp4
    2011-10-24 15:09 - 2011-10-24 15:09 - 0042396 ____A C:\Users\Zack\Downloads\system_of_a_down_cigaro.gp5
    2011-10-24 15:09 - 2011-10-24 15:09 - 0038191 ____A C:\Users\Zack\Downloads\system_of_a_down_cigaro(1).gp5
    2011-10-24 14:17 - 2011-10-24 14:17 - 0037519 ____A C:\Users\Zack\Downloads\system_of_a_down_aerials.gp5
    2011-10-17 14:13 - 2011-10-17 14:13 - 0168223 ____A C:\Users\Zack\Downloads\machine_head_who_we_are.gp5
    2011-10-16 23:46 - 2011-10-16 23:46 - 0022021 ____A C:\Users\Zack\Downloads\system_of_a_down_lonely_day_solo.gp5
    2011-10-16 23:45 - 2011-10-16 23:45 - 0044975 ____A C:\Users\Zack\Downloads\system_of_a_down_lonely_day.gp5
    2011-10-16 23:41 - 2011-08-30 11:35 - 0115832 ____A C:\Users\Zack\AppData\Local\GDIPFONTCACHEV1.DAT
    2011-10-16 23:40 - 2011-10-16 23:40 - 0000000 ____D C:\Program Files (x86)\Guitar Pro 5
    2011-10-15 15:11 - 2011-05-15 19:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-14 22:31 - 2011-12-14 14:11 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-14 21:38 - 2011-12-14 14:11 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-12 20:20 - 2011-10-12 20:20 - 0000000 ____D C:\Users\Zack\Documents\DipTrace
    2011-10-12 20:20 - 2011-10-12 20:20 - 0000000 ____D C:\Users\All Users\DipTrace
    2011-10-12 20:20 - 2011-10-12 20:20 - 0000000 ____D C:\ProgramData\DipTrace
    2011-10-12 20:20 - 2011-10-12 20:20 - 0000000 ____D C:\Program Files (x86)\DipTrace
    2011-10-11 14:57 - 2011-10-11 14:57 - 0000000 ____D C:\Users\Zack\Documents\Book Place
    2011-10-11 14:57 - 2011-10-11 14:57 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Book Place
    2011-10-11 14:57 - 2011-10-11 14:57 - 0000000 ____D C:\Users\All Users\Toshiba Book Place
    2011-10-11 14:57 - 2011-10-11 14:57 - 0000000 ____D C:\ProgramData\Toshiba Book Place
    2011-10-05 00:57 - 2011-10-05 00:56 - 0641400 ____A (BitTorrent, Inc.) C:\Users\Zack\Downloads\utorrent.exe
    2011-10-04 00:57 - 2011-08-30 16:47 - 0000000 ____D C:\Users\Zack\AppData\Local\Adobe
    2011-10-03 23:01 - 2011-08-30 11:36 - 0000000 ____D C:\Users\Zack\AppData\Roaming\Adobe
    2011-10-03 22:37 - 2011-09-10 02:14 - 0000000 ____D C:\Users\Zack\Documents\College
    2011-10-03 22:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys
    [2011-05-15 19:16] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


    ========================= Memory info ======================

    Percentage of memory in use: 31%
    Total physical RAM: 5608.67 MB
    Available physical RAM: 3851.41 MB
    Total Pagefile: 11215.54 MB
    Available Pagefile: 9389.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ======================= Partitions =========================

    1 Drive c: (TI106170W0E) (Fixed) (Total:581.14 GB) (Free:383.9 GB) NTFS ==>[Drive with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 581 GB 1501 MB
    Partition 3 Primary 13 GB 582 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 System NTFS Partition 1500 MB Healthy Hidden

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI106170W0E NTFS Partition 581 GB Healthy Boot

    Disk: 0
    Partition 3
    Type : 17
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==========================================================

    Last Boot: 2011-12-26 20:43

    ======================= End Of Log ==========================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    False alarm :)
    You're fine.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. DSG3002

    DSG3002 TS Rookie Topic Starter

    It seems to be running normally again, but, as you said about making sure it's completely clean, I don't really know what's going on. :haha:


    OTL.txt:

    OTL logfile created on: 12/30/2011 6:40:28 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zack\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 69.15% Memory free
    10.95 Gb Paging File | 9.19 Gb Available in Paging File | 83.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.14 Gb Total Space | 383.90 Gb Free Space | 66.06% Space Free | Partition Type: NTFS

    Computer Name: ZACK-PC | User Name: Zack | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/30 18:38:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/10 03:01:42 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
    PRC - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/25 10:51:30 | 000,525,752 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
    PRC - [2011/07/25 10:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
    PRC - [2011/02/03 11:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    PRC - [2010/08/16 09:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/20 15:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/04/20 14:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2011/04/20 10:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2011/04/07 12:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2011/04/05 18:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/10 03:01:42 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/07/25 10:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
    SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/02/03 11:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/09/09 14:47:43 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/06/13 17:44:23 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/26 07:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2011/05/06 15:26:32 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/04/20 16:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 14:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/15 13:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/04/15 13:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/03/23 16:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2011/03/17 19:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
    DRV:64bit: - [2011/03/17 19:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/27 14:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV:64bit: - [2010/12/17 18:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/10/18 13:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2010/06/18 15:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
    DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
    IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://google.com/ig"

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 17:35:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/08/30 11:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions
    [2011/12/27 01:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\dmvn28dv.default\extensions
    [2011/08/30 11:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\ZACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DMVN28DV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/11/25 17:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/25 17:35:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/25 17:35:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/30 17:34:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207BB0BD-8F1B-45EB-9E49-18D171182EF2}: DhcpNameServer = 129.65.16.254 129.65.21.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82457D5E-3EFC-4862-AD1A-EED42567B0D4}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/30 18:38:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
    [2011/12/30 18:21:12 | 000,000,000 | ---D | C] -- C:\FRST
    [2011/12/30 18:14:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Zack\Desktop\tdsskiller.exe
    [2011/12/30 17:39:35 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/12/30 17:34:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/12/30 15:48:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/12/30 15:48:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/12/30 15:48:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/12/30 15:47:55 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/12/30 15:47:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/30 15:38:05 | 004,358,014 | R--- | C] (Swearware) -- C:\Users\Zack\Desktop\ComboFix.exe
    [2011/12/30 14:41:08 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Zack\Desktop\aswMBR.exe
    [2011/12/29 23:59:53 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/20 03:15:28 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Media Player Classic
    [2011/12/20 03:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
    [2011/12/20 03:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
    [2011/12/19 05:10:23 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\vlc
    [2011/12/19 05:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2011/12/16 15:39:29 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Adobe Mini Bridge CS5
    [2011/12/16 15:39:28 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/12/10 13:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2011/12/10 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\uTorrent
    [2011/12/10 11:57:34 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Bioshock
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/30 18:38:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
    [2011/12/30 18:24:54 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/30 18:24:54 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/30 18:20:12 | 001,377,537 | ---- | M] () -- C:\Users\Zack\Desktop\FRST64.exe
    [2011/12/30 18:14:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zack\Desktop\tdsskiller.exe
    [2011/12/30 17:55:45 | 000,000,512 | ---- | M] () -- C:\Users\Zack\Desktop\MBR.dat
    [2011/12/30 17:34:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2011/12/30 17:34:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/12/30 17:34:34 | 115,871,743 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/30 15:38:12 | 004,358,014 | R--- | M] (Swearware) -- C:\Users\Zack\Desktop\ComboFix.exe
    [2011/12/30 14:41:29 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Zack\Desktop\aswMBR.exe
    [2011/12/30 07:23:38 | 000,041,574 | ---- | M] () -- C:\Users\Zack\Desktop\weird.PNG
    [2011/12/29 23:59:53 | 000,000,688 | ---- | M] () -- C:\Users\Zack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/29 23:40:09 | 000,046,836 | ---- | M] () -- C:\Users\Zack\Desktop\winter2012_finalsched.PNG
    [2011/12/26 03:06:12 | 000,059,415 | ---- | M] () -- C:\Users\Zack\Desktop\winter2012_wlistfinal_sched.PNG
    [2011/12/24 14:10:18 | 000,729,752 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/12/24 14:10:18 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/12/24 14:10:18 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/12/19 21:29:17 | 000,180,761 | ---- | M] () -- C:\Users\Zack\Desktop\cpe4yr_physmin_flowchart.PNG
    [2011/12/18 18:39:54 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2011/12/16 17:04:15 | 000,000,132 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/16 03:14:56 | 2147,483,646 | ---- | M] () -- C:\Users\Zack\Documents\truecryptvol_v2
    [2011/12/15 03:24:07 | 004,989,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/30 18:20:00 | 001,377,537 | ---- | C] () -- C:\Users\Zack\Desktop\FRST64.exe
    [2011/12/30 15:48:00 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2011/12/30 15:48:00 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2011/12/30 15:48:00 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/12/30 15:48:00 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/12/30 15:48:00 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/12/30 15:37:43 | 000,000,512 | ---- | C] () -- C:\Users\Zack\Desktop\MBR.dat
    [2011/12/30 07:23:38 | 000,041,574 | ---- | C] () -- C:\Users\Zack\Desktop\weird.PNG
    [2011/12/30 01:33:32 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
    [2011/12/30 01:33:32 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2011/12/30 01:33:24 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/12/30 01:33:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2011/12/30 01:33:24 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/12/30 01:33:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/12/30 01:33:24 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2011/12/30 01:33:24 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2011/12/30 01:33:24 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011/12/30 01:33:24 | 000,001,364 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2011/12/30 01:33:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2011/12/30 01:33:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/12/30 01:33:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2011/12/30 01:33:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/12/30 01:33:24 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011/12/30 01:33:24 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2011/12/30 01:33:24 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2011/12/30 01:33:24 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2011/12/30 01:33:24 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2011/12/30 01:33:24 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
    [2011/12/30 01:33:24 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/12/30 01:33:24 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
    [2011/12/30 01:33:24 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
    [2011/12/30 01:33:24 | 000,001,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2011/12/29 23:59:53 | 000,000,688 | ---- | C] () -- C:\Users\Zack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/29 23:40:09 | 000,046,836 | ---- | C] () -- C:\Users\Zack\Desktop\winter2012_finalsched.PNG
    [2011/12/26 03:06:12 | 000,059,415 | ---- | C] () -- C:\Users\Zack\Desktop\winter2012_wlistfinal_sched.PNG
    [2011/12/16 17:04:15 | 000,000,132 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/16 15:33:57 | 000,180,761 | ---- | C] () -- C:\Users\Zack\Desktop\cpe4yr_physmin_flowchart.PNG
    [2011/12/16 03:11:34 | 2147,483,646 | ---- | C] () -- C:\Users\Zack\Documents\truecryptvol_v2
    [2011/08/30 11:59:10 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/06/13 17:40:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/06/13 17:38:09 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/03/10 10:56:40 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
    [2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/11/24 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\.minecraft
    [2011/12/21 03:26:58 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Audacity
    [2011/12/10 11:58:19 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Bioshock
    [2011/10/11 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Book Place
    [2011/12/24 05:13:36 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\foobar2000
    [2011/12/18 18:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Racket
    [2011/12/16 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/08/30 12:15:49 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Tific
    [2011/11/02 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Toshiba
    [2011/09/30 08:04:08 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\TrueCrypt
    [2011/12/29 06:03:52 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\uTorrent
    [2011/08/30 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\WinBatch
    [2009/07/13 21:08:49 | 000,022,942 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 19:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/05/16 11:37:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/12/30 17:39:33 | 000,019,184 | ---- | M] () -- C:\ComboFix.txt
    [2011/12/30 17:34:34 | 115,871,743 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/30 17:34:35 | 1586,151,423 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/30 18:20:24 | 000,078,460 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_18.15.46_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/30 11:36:45 | 000,000,221 | -HS- | M] () -- C:\Users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/30 14:41:29 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Zack\Desktop\aswMBR.exe
    [2011/12/30 15:38:12 | 004,358,014 | R--- | M] (Swearware) -- C:\Users\Zack\Desktop\ComboFix.exe
    [2011/12/30 18:20:12 | 001,377,537 | ---- | M] () -- C:\Users\Zack\Desktop\FRST64.exe
    [2011/12/30 18:38:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
    [2011/12/30 18:14:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zack\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/08/30 11:33:20 | 000,000,402 | -HS- | M] () -- C:\Users\Zack\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  13. DSG3002

    DSG3002 TS Rookie Topic Starter

    Extras.txt:

    OTL Extras logfile created on: 12/30/2011 6:40:28 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zack\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 69.15% Memory free
    10.95 Gb Paging File | 9.19 Gb Available in Paging File | 83.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.14 Gb Total Space | 383.90 Gb Free Space | 66.06% Space Free | Partition Type: NTFS

    Computer Name: ZACK-PC | User Name: Zack | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{14AC80A3-D80B-85E0-131D-8E0F581DACB6}" = ccc-utility64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
    "{31869115-EC6E-5B7D-B9A7-C945CD06A3B1}" = ATI Catalyst Install Manager
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{ADF96813-AFAD-7A71-402D-2D2795401B9E}" = WMV9/VC-1 Video Playback
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959)
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Speccy" = Speccy
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06CF83C8-A7F9-37E0-18E0-76F78E4E93BE}" = CCC Help Korean
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C6A8CB7-A4F8-CC55-5554-6315DC90B587}" = CCC Help Japanese
    "{0C71A279-B127-7C96-3084-5E23C4607E8B}" = CCC Help Chinese Standard
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{27993E6B-F23B-B04C-2C43-F6A1EA57CBD2}" = CCC Help Greek
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B0F41D8-A9BD-70AC-B5E9-88DCF3A67E78}" = AMD VISION Engine Control Center
    "{2C3CE57D-29A8-A7CE-5A66-C32A6F1CCBF0}" = CCC Help Thai
    "{2F6C4370-BD2C-4F1B-8E81-F4A7293E0455}" = Cisco NAC Agent
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{41986453-361D-B758-D8B4-3880347C40F8}" = CCC Help Italian
    "{42310CC1-FA1E-9FE1-232F-256464800E3B}" = CCC Help Russian
    "{42CAFBDA-8AFC-1CF9-9C48-53C0983F3CA2}" = CCC Help Polish
    "{436246B4-B913-A367-EA3B-FB3681DE297B}" = CCC Help Dutch
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F3831C7-EE2B-804E-E580-9380D1D3E3CF}" = CCC Help English
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5B73583F-A5B8-EDC3-24BE-5EE0B77B44D3}" = Catalyst Control Center Localization All
    "{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
    "{5D323CD4-8229-2A02-947C-6B79BB162B32}" = CCC Help French
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{6791C5E8-F9BE-FE7A-8CE1-2A9BEEF0CC49}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{744128C6-16E7-77F0-6A60-79AB9ECBC7D4}" = CCC Help Chinese Traditional
    "{7689CE69-8BBC-D1D2-E43B-EFFCEFEC9819}" = CCC Help Portuguese
    "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC9DDFF-EA30-00D7-4E4D-9ED088A6E847}" = CCC Help Norwegian
    "{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{9AACD17B-FDD5-2E2F-BD31-15C1C92373E6}" = CCC Help Turkish
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A4595B6E-142F-DDEA-0B08-401261B26C5C}" = CCC Help German
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA6010CC-B655-0E28-FB36-DF4CD17FAA43}" = Catalyst Control Center Graphics Previews Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B670EB67-B0B2-836B-ACF2-CB29325A01BE}" = CCC Help Czech
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0D3144A-939C-840B-4337-87467F91C1EA}" = CCC Help Danish
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6B7EF81-4AEF-75A9-6F2C-787E65919BCF}" = CCC Help Swedish
    "{D6EDFC58-862D-84DC-81B5-D122F30DC744}" = CCC Help Finnish
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EA2FC14A-5A8F-8C2A-ED2B-34B91DBB547E}" = CCC Help Hungarian
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "foobar2000" = foobar2000 v1.1.7
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "NortonPCCheckup" = Toshiba Laptop Checkup
    "Novarm DipTrace" = Novarm DipTrace
    "Racket-5.1.3" = Racket v5.1.3
    "Steam App 12900" = Audiosurf
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 220" = Half-Life 2
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 400" = Portal
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 440" = Team Fortress 2
    "Steam App 550" = Left 4 Dead 2
    "Steam App 620" = Portal 2
    "Steam App 7670" = BioShock
    "TrueCrypt" = TrueCrypt
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-06026836-d524-4fbc-836a-b1d5db2ab48e" = Penguins!
    "WTA-0f8ffabf-1822-4892-9ed4-ead29df61343" = FATE - The Traitor Soul
    "WTA-2ed08c4d-d55f-4315-92ea-9b1df9ccfeb7" = Chuzzle Deluxe
    "WTA-50e1467b-975b-438b-9f40-d0c1e4f36952" = Tom Clancy's Splinter Cell
    "WTA-818ffc17-476e-4ef4-8a54-e86f72d217ef" = Zuma's Revenge
    "WTA-913b510c-1ddf-4fd8-897e-270349db2d0f" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-aa719ff5-e839-4bd5-9f9b-2cd9e0ebe940" = Plants vs. Zombies - Game of the Year
    "WTA-d790d3e9-4c2a-4d1b-a893-b5996a9e9ae7" = Polar Bowler
    "WTA-f68df5fa-ade0-4cb0-8da2-14ab652db23f" = Bejeweled 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2011 10:00:06 PM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/10/2011 12:43:34 AM | Computer Name = Zack-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1010 Start
    Time: 01cc86f0314a13af Termination Time: 42 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 5b463001-f2fa-11e0-9272-b870f4638493

    Error - 10/10/2011 6:12:01 PM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/11/2011 6:01:31 AM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/11/2011 4:36:17 PM | Computer Name = Zack-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 10/11/2011 6:18:09 PM | Computer Name = Zack-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 10/11/2011 6:18:12 PM | Computer Name = Zack-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error - 10/11/2011 6:21:01 PM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/12/2011 12:20:58 AM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/13/2011 7:42:15 PM | Computer Name = Zack-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 12/1/2011 4:14:41 PM | Computer Name = Zack-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/1/2011 7:05:12 PM | Computer Name = Zack-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/1/2011 7:05:43 PM | Computer Name = Zack-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/5/2011 4:42:06 AM | Computer Name = Zack-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 12/5/2011 4:50:32 AM | Computer Name = Zack-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/5/2011 9:28:46 PM | Computer Name = Zack-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 129.65.202.20. The computer with the IP address 129.65.202.105 did
    not allow the name to be claimed by this computer.

    Error - 12/5/2011 9:28:49 PM | Computer Name = Zack-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 12/5/2011 9:48:29 PM | Computer Name = Zack-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.316.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/5/2011 11:32:57 PM | Computer Name = Zack-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/10/2011 4:49:07 AM | Computer Name = Zack-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.


    < End of report >
     
  14. Broni


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O3 - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
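An added example, not part of Broni's instructions and not OTL's own code: a small Python triage script that reads the IE and O2/O3 lines of an OTL log the way the fix above was derived from them, marks toolbar/BHO entries whose CLSID has no class registration ("No CLSID value found") as fix candidates, flags proxy settings for manual review, and assembles the :OTL / :Commands block in the layout Broni pasted. The sample log is constructed here: the ProxyOverride and O3 lines are the two entries from the fix above, the ProxyEnable/ProxyServer lines and the second toolbar line are invented, and the exact OTL line layout is assumed from the lines posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample. Lines 1 and 4 are the two entries Broni put in his
# :OTL fix; the ProxyEnable/ProxyServer lines and the second toolbar line
# are invented here (assumed values) so the triage has both things to flag
# and things to leave alone. The OTL line layout is assumed from this thread.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
O3 - HKU\S-1-5-21-1856170626-224712492-4181922709-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Example Toolbar) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\toolbar.dll (Example Corp)
"""

# IE - <registry key>: "<value name>" = <data>
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
# O2 (BHO) / O3 (toolbar): <key>: (<name>) - {<CLSID>} - <target>
OBJ_RE = re.compile(
    r'^(?P<kind>O[23]) - (?P<key>.+?): \((?P<name>[^)]*)\) - '
    r'(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.*)$'
)
PROXY_NAMES = {"ProxyServer", "AutoConfigURL"}


@dataclass(frozen=True)
class Finding:
    kind: str     # "IE", "O2" or "O3"
    verdict: str  # "fix": paste into :OTL, "review": needs a human, "info": leave
    reason: str
    line: str     # the original log line; OTL accepts it verbatim in a fix


def triage_line(line):
    """Classify one OTL log line; returns None for lines this script ignores."""
    line = line.strip()
    m = IE_RE.match(line)
    if m:
        name, value = m["name"], m["value"].strip()
        if name == "ProxyEnable" and value == "1":
            return Finding("IE", "review", "proxy enabled for this user", line)
        if name in PROXY_NAMES and value:
            return Finding("IE", "review",
                           f"{name} is set; rogue proxies hijack browser traffic this way", line)
        if name == "ProxyOverride" and value == "<local>":
            return Finding("IE", "info", "bypass-proxy-for-local default, harmless", line)
        return Finding("IE", "info", "no rule matched", line)
    m = OBJ_RE.match(line)
    if m:
        target = m["target"]
        if target.startswith("No CLSID value found"):
            return Finding(m["kind"], "fix",
                           "orphaned: CLSID has no class registration, nothing can load it", line)
        if re.search(r"\\Temp\\", target, re.IGNORECASE):
            return Finding(m["kind"], "review", "loads from a temp directory", line)
        return Finding(m["kind"], "info", "resolves to a file; verify its publisher", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log, dropping lines it does not understand."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def build_otl_fix(findings, commands=("[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]")):
    """Assemble the :OTL / :Commands block in the layout Broni pasted above."""
    fix_lines = [f.line for f in findings if f.verdict == "fix"]
    if not fix_lines:
        return ""
    return "\n".join([":OTL", *fix_lines, "", ":Commands", *commands]) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"{f.verdict:6} {f.kind:3} {f.reason}")
    print(build_otl_fix(results), end="")
```

Proxy entries stay at "review" rather than "fix" on purpose: a rogue proxy that routes the browser through a local malware process and a legitimate corporate or debugging proxy look identical in the log, so that decision needs a person. An orphaned toolbar entry, by contrast, cannot be loaded at all and is just a leftover worth cleaning, which is what Broni's O3 line did.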
     
  15. DSG3002


    New OTL fix log:

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1856170626-224712492-4181922709-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Zack
    ->Temp folder emptied: 52495926 bytes
    ->Temporary Internet Files folder emptied: 50681893 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 235120114 bytes
    ->Flash cache emptied: 3159409 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5316 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 326.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Zack
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12302011_190929

    Files\Folders moved on Reboot...
    C:\Users\Zack\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    JavaRa log:

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Dec 30 19:25:06 2011

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    ------------------------------------

    Finished reporting.
     
  16. DSG3002

    DSG3002 TS Rookie Topic Starter

    Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Reader X (10.1.1)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````


    ESET found no threats and had no log
     
  17. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. DSG3002

    DSG3002 TS Rookie Topic Starter

    New OTL Fix Log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Zack
    ->Temp folder emptied: 867 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 227121747 bytes
    ->Flash cache emptied: 615 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1610 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 217.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Zack
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 12302011_221212

    Files\Folders moved on Reboot...
    C:\Users\Zack\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    MBAM Quick Scan:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.30.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Zack :: ZACK-PC [administrator]

    12/30/2011 10:56:46 PM
    mbam-log-2011-12-30 (22-56-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 177791
    Time elapsed: 2 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Computer seems to be working normally again. I'm still having that issue I mentioned before that I put a picture with (where the active programs are a lot bigger on the taskbar than usual) but other than that it's fine. You linked that "How did I get infected?" topic and the only thing on that list I could qualify for is uTorrent since sometimes if I need to receive large files/folders from people I'm working with we just use P2P instead of shipping around flash drives. I once had to transfer back and forth like 50GB of stuff at one point so it seemed reasonable to do. Not sure how this would have landed me such a malicious infection though. It also seems like a lot of other people have gotten the exact same infection and are posting it on this board though, so maybe it's a common thing going around now? Can't think of any potential "suspicious" websites I've been to, although while I first got this infection I was googling for guitar products so maybe something came up from google. If you have any diagnostic about the root of this infection it'd be great to know.

    Thanks for all of your help and support, means a lot and I'm grateful that people spend so much of their time helping others with computer issues. Big thumbs up to you. :)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    I suggest you ask that question at Windows forum.

    Other than that...

    Way to go!!
    Good luck and stay safe :)

     

