Solved Sirefef infection on laptop

I

IanMcK

Posts: 23   +0
My Windows 7 Home 64 bit Toshiba R830-10C laptop has been infected by sirefef. I noticed that Windows Security Essentials had stopped updating and I stupidly reinstalled it and I how have the problem of the laptop shutting down one minute after starting. How do I get rid of this problem?
 
I noticed that Windows Security Essentials had stopped updating and I stupidly reinstalled it and I how have the problem of the laptop shutting down one minute after starting. How do I get rid of this problem?
Click to expand...

If this made it worse, so a System Restore to the closest date right before you uninstalled MSE.
=========================================
Then please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thank you for your prompt reply.

I ran System Restore and it found only 2 restore points both within the last 48 hours. I restored to the earliest one and my laptop no longer reboots every minute.

Here are the logs:

MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
R830-10C :: R830-10C-TOSH [administrator]

12/06/2012 17:08:06
mbam-log-2012-06-12 (17-08-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204629
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\R830-10C\AppData\Local\Temp\liquid14340927.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

GMER

No modifications - no log produced

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by R830-10C at 17:17:42 on 2012-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8095.6636 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in

\TOSHIBAMediaControllerIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TSUScheduler] %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\R830-10C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\R830-10C\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\R830-10C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{34508C95-F4FD-4F20-BE77-41EF3F1B1333} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F6AA3DFF-CA67-434F-BACE-D58F43D56138} : NameServer = 217.171.132.1 217.171.135.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in

\TOSHIBAMediaControllerIE.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [TSUScheduler] %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\R830-10C\AppData\Roaming\Mozilla\Firefox\Profiles\74658lu9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-3-12 1737464]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
R2 risdxc;risdxc;C:\windows\system32\DRIVERS\risdxc64.sys --> C:\windows\system32\DRIVERS\risdxc64.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS

\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15

2656280]
R3 appliandMP;appliandMP;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-15 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-4-6 828336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 appliand;Applian Network Service;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-12 21:34:41 -------- d-----w- C:\FRST
2012-06-12 16:07:04 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\Malwarebytes
2012-06-12 16:05:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-12 16:05:34 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-12 16:05:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 11:22:35 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-11 23:18:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-11 23:18:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-08 11:44:47 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 11:44:47 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 19:04:56 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-06-03 11:09:53 -------- d-----r- C:\Users\R830-10C\Dropbox
2012-06-03 11:06:36 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\Dropbox
2012-05-30 12:06:49 -------- d-----w- C:\Users\R830-10C\AppData\Local\Apple Computer
2012-05-30 08:44:26 104960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmp.dll
2012-05-30 08:44:26 -------- d-----w- C:\Program Files (x86)\WMP Tag Plus
2012-05-29 15:49:22 -------- d-----w- C:\Users\R830-10C\AppData\Local\www.nerdoftheherd.com
2012-05-29 15:49:19 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\www.nerdoftheherd.com
2012-05-29 15:23:04 -------- d-----w- C:\Program Files (x86)\FLV_Extract_v1.6.2
2012-05-29 14:21:59 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\FLV Extract
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-29 13:59:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-29 13:58:34 -------- d-----w- C:\Users\R830-10C\AppData\Local\Apple
2012-05-29 13:36:52 -------- d-----w- C:\Program Files (x86)\Topsevenreviews
2012-05-29 13:00:33 -------- d-----w- C:\Users\R830-10C\AppData\Local\Applian
2012-05-29 12:36:14 -------- d-----w- C:\Users\R830-10C\AppData\Local\Jaksta_Technologies_Pty_L
2012-05-29 12:35:08 33888 ----a-w- C:\windows\System32\drivers\appliand.sys
2012-05-29 12:34:58 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2012-05-29 12:34:44 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\Replay Media Catcher 4
2012-05-29 12:34:44 -------- d-----w- C:\ProgramData\Applian
2012-05-24 14:21:06 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-24 14:19:49 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2012-05-05 18:35:41 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:35:41 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:35:21 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 19:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-20 19:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
.
============= FINISH: 17:19:09.45 ===============

Attach.txt to follow
 
Here is the attach.txt file. The laptop has now started to reboot every minute again!

Attach.txt part 1
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/10/2011 01:02:13
System Uptime: 12/06/2012 17:12:43 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | Socket BGA1023 | 1491/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 25.107 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
==== System Restore Points ===================
.
RP75: 12/06/2012 00:19:53 - Windows Update
RP76: 12/06/2012 12:20:47 - Windows Update
.
==== Installed Programs ======================
.
3Connect
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Reader X (10.1.3) MUI
Advanced X Video Converter
Amazon.co.uk
AoA DVD Ripper
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
BBC iPlayer Desktop
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
CD Wave Editor 1.98
Chicken Invaders 3 - Revenge of the Yolk
Chuzzle Deluxe
D3DX10
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp Shorten Codec
dBpoweramp WavPack Codec
Diner Dash 2 Restaurant Rescue
Dropbox
eBay
FATE
Final Drive: Nitro
Free Download Manager 3.8
Free FLV to Audio Converter
High-Definition Video Playback
Insaniquarium Deluxe
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0 (x86 en-GB)
Mozilla Maintenance Service
Mp3tag v2.49b
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Penguins!
Photo Service - powered by myphotobook
PL-2303 USB-to-Serial
Plants vs. Zombies - Game of the Year
Polar Bowler
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Replay Media Catcher 4 (4.4.3)
RICOH Media Driver v2.13.17.01
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Skype Toolbars
Skype™ 5.0
Slingo Deluxe
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Face Recognition
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Sync Utility
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
Trader's Little Helper 2.7.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Wedding Dash 2 - Rings Around the World
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WMP Tag Plus version 2.0
Xvid 1.2.2 final uninstall
ZTE_1.2059.0.8
Zuma Deluxe
.
 
Attach.txt part 2

==== Event Viewer Messages From Past Week ========
.
12/06/2012 17:19:08, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:14:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:13:07, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/06/2012 17:13:06, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/06/2012 17:13:06, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/06/2012 17:13:06, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/06/2012 17:12:58, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
12/06/2012 17:12:58, Error: Application Popup [1060] - \??\C:\windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/06/2012 17:12:16, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 17:12:16, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 17:06:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 17:04:09, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 13:30:45, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
12/06/2012 13:30:13, Error: Service Control Manager [7022] - The Windows Event Log service hung on starting.
12/06/2012 13:21:01, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 13:18:18, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:524 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 0.0.0.0
12/06/2012 13:17:42, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:17:14, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 13:15:26, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 13:14:54, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
12/06/2012 13:06:53, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:54:51, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\system32\services.exe;file:_C:\windows\system32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:47:43, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:42:41, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\system32\services.exe;file:_C:\windows\system32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:39:21, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:35:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\system32\services.exe;file:_C:\windows\system32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1815.0, AS: 1.127.1815.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:08:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 12:03:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 11:58:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:58:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:53:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Attach.txt part 3

12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:48:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:47:10, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
12/06/2012 11:47:10, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
12/06/2012 11:47:06, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
12/06/2012 11:47:02, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:35:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:30:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 11:25:34, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:54:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 10:52:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/06/2012 08:17:55, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:604 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:46:07, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:42:45, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:520 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 0.0.0.0
12/06/2012 00:42:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 00:42:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/06/2012 00:42:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/06/2012 00:42:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/06/2012 00:42:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/06/2012 00:42:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/06/2012 00:42:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/06/2012 00:40:28, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:37:12, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:33:41, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:30:09, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\n;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
12/06/2012 00:26:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\System32\services.exe;file:_C:\windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0
10/06/2012 23:57:00, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume TOSHIBA EXT.
10/06/2012 16:39:23, Error: Ntfs [137] - The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code.
09/06/2012 15:58:33, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
09/06/2012 13:48:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
07/06/2012 16:55:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
07/06/2012 12:47:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1410.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
06/06/2012 13:30:14, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
06/06/2012 13:28:58, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume MP3.
05/06/2012 16:12:54, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8.
05/06/2012 15:52:56, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
05/06/2012 15:52:07, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
.
==== End Of File ===========================
 
A Note for you: Normally I wouldn't start off with t a System Restore. In fact, we tell you specifically NOT to do a system retore during cleaning. But since you were able to connect the reinstall of MSE with the constant reboot- in which case you would not be able to complete the scans- it seemed like the only way to start. I'm glad it resolved the reboot.

And another note: even if it had not caused the rebooting, MSE alone would not be enough to remove the ZeroAccess Rootkit.
==================================================
It's possible that MSE actually did remove the malware, but it's in a restore point. That is a protected system file, so even if a scan shows a process from 'SystemVolume' removed, it's still there. Unfortunately, virus scans do not read 'location'- let's have a look:

To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HEREand save to the desktop
    • Double click combofix.exe
      cf-icon.jpg
      & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
      Click to expand...
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficultyand terminates prematurely, the connection can be manually restored by restarting your machine.
================================================
This is what MSE is telling you:
12/06/2012 00:42:45, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following:

http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285
Name: Trojan:Win64/Sirefef.Y
ID: 2147655285
Severity: Severe Category:
Trojan Path: containerfile:_C:\windows\System32\services.exe;
file:_C:\windows\System32\services.exe->731;process:_pid:520
Detection Origin: Local machine
Detection Type: Concrete Detection Source:
System User: NT AUTHORITY\SYSTEM
Process Name: C:\windows\system32\services.exe
Action: Remove Action Status: No additional actions required
Error Code: 0x800704ec
Error description: This program is blocked by group policy.
For more information, contact your system administrator. Signature Version: AV: 1.127.1762.0, AS: 1.127.1762.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.8403.0, NIS: 0.0.0.0 >>> Microsoft Network Inspection System
Click to expand...

At the end of cleaning, we have you set a new, clean restore point and remove the old ones.

Please leave the logs for the Eset online virus scan and Combofix in our next reply.
=================================
It would also be helpful if you could tell me what these are- are they all partitions?
05/06/2012 16:12:54, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR8.
05/06/2012 15:52:56, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
05/06/2012 15:52:07, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
09/06/2012 13:48:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
07/06/2012 16:55:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
Click to expand...

There is mention that "The file system structure on the disk is corrupt and unusable" so I need to determine what you run CHKDSK on
Does volume TOSHIBA EXT match any of the DR numbers?
How about volume MP3?
============================================
Note: Please do not use this or any ther file sharing program you have while I'm helping you:
2012-05-24 14:21:06 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-24 14:19:49 -------- d-----w- C:\Users\R830-10C\AppData\Roaming\uTorrent
.
Click to expand...
.
 
Unfortunately I have been unable to complete the online scan as the laptop has now started rebooting itself every minute again.

I have 4 external USB hard drives - MP3 is an old 500Gb Maxtor One-Touch III and TOSHIBA EXT is a two month old USB3 powered 500Gb drive.
 
See if this helps:

Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

You can also do this:
Open Internet Options from either the Control Panel or Tools in IE
  • Choose the Security tab> Click on "Reset all zones to the default level."
  • Choose the Advanced tab> Click on "Restore advanced settings.
  • Click on OK> Apply> OK
 
I performed both these steps and they stopped the laptop rebooting every minute. I started the ESET Online scan but the rebooting problem (after a warning from MSE and a popup box with a warning of a critical error) started again after about 7 or 8 minutes so was unable to complete the scan.

I use either my home broadband connection or (when on the move) my mobile broadband dongle. The rebooting problem happens on both but the laptop seems to work fairly normally if not connected to the internet.
 
I rebooted and tried once more. Success this time:

Eset log:

C:\Users\R830-10C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KG4IMO99\;ID=nemexia4;size=728x90;setID=16;type=1;source=0;pub=0;pub=0[1].js HTML/Iframe.B.Gen virus
Combofix log:

ComboFix 12-06-13.01 - R830-10C 13/06/2012 13:08:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8095.5912 [GMT 1:00]
Running from: c:\users\R830-10C\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\R830-10C\AppData\Local\Temp\{BD238117-2F25-41FD-B521-6EF5B1E21044}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 11:07 . 2012-06-13 11:07 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C41552B4-0E47-4B18-B950-CBCADFDB9FDA}\gapaengine.dll
2012-06-13 11:07 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA5AE26F-8DCA-4EF9-8128-B3C6036EF51E}\mpengine.dll
2012-06-12 21:34 . 2012-06-12 21:35 -------- d-----w- C:\FRST
2012-06-12 16:07 . 2012-06-12 16:07 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Malwarebytes
2012-06-12 16:05 . 2012-06-12 16:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 16:05 . 2012-06-13 05:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-12 11:22 . 2012-06-12 11:22 -------- d-----w- c:\program files (x86)\ESET
2012-06-11 23:18 . 2012-06-11 23:18 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-11 23:18 . 2012-06-11 23:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-08 11:44 . 2012-06-08 11:44 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 11:44 . 2012-06-08 11:44 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 19:04 . 2012-06-07 19:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-03 11:09 . 2012-06-13 14:24 -------- d-----r- c:\users\R830-10C\Dropbox
2012-06-03 11:06 . 2012-06-13 06:41 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Dropbox
2012-05-30 12:06 . 2012-05-30 12:06 -------- d-----w- c:\users\R830-10C\AppData\Local\Apple Computer
2012-05-30 08:44 . 2012-05-30 08:44 -------- d-----w- c:\program files (x86)\WMP Tag Plus
2012-05-30 08:44 . 2012-05-04 21:17 104960 ----a-w- c:\program files (x86)\Windows Media Player\wmp.dll
2012-05-30 04:29 . 2012-05-30 04:29 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Apple Computer
2012-05-29 15:49 . 2012-05-29 15:49 -------- d-----w- c:\users\R830-10C\AppData\Local\www.nerdoftheherd.com
2012-05-29 15:49 . 2012-05-29 15:49 -------- d-----w- c:\users\R830-10C\AppData\Roaming\www.nerdoftheherd.com
2012-05-29 15:23 . 2012-05-29 15:24 -------- d-----w- c:\program files (x86)\FLV_Extract_v1.6.2
2012-05-29 14:21 . 2012-05-29 14:22 -------- d-----w- c:\users\R830-10C\AppData\Roaming\FLV Extract
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-29 13:59 . 2012-05-29 13:59 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-29 13:59 . 2012-05-29 13:59 -------- d-----w- c:\programdata\Apple Computer
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\users\R830-10C\AppData\Local\Apple
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\programdata\Apple
2012-05-29 13:36 . 2012-05-29 13:36 -------- d-----w- c:\program files (x86)\Topsevenreviews
2012-05-29 13:00 . 2012-05-29 13:00 -------- d-----w- c:\users\R830-10C\AppData\Local\Applian
2012-05-29 12:36 . 2012-05-29 12:36 -------- d-----w- c:\users\R830-10C\AppData\Local\Jaksta_Technologies_Pty_L
2012-05-29 12:35 . 2011-06-26 00:56 33888 ----a-w- c:\windows\system32\drivers\appliand.sys
2012-05-29 12:34 . 2012-05-29 12:34 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-05-29 12:34 . 2012-05-29 12:36 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Replay Media Catcher 4
2012-05-29 12:34 . 2012-05-29 12:34 -------- d-----w- c:\programdata\Applian
2012-05-24 14:21 . 2012-05-24 14:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-24 14:19 . 2012-06-11 14:28 -------- d-----w- c:\users\R830-10C\AppData\Roaming\uTorrent
2012-05-21 05:10 . 2012-05-21 05:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 05:10 . 2012-05-21 05:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-16 15:36 . 2012-05-16 15:36 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:35 . 2012-04-08 17:03 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:35 . 2012-03-10 00:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:35 . 2012-04-08 17:44 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-13 01:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-13 01:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-13 01:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-13 01:50 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-13 01:49 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-13 01:49 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-17 2475384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\R830-10C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-9 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-08 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: Interfaces\{F6AA3DFF-CA67-434F-BACE-D58F43D56138}: NameServer = 217.171.132.1 217.171.135.1
FF - ProfilePath - c:\users\R830-10C\AppData\Roaming\Mozilla\Firefox\Profiles\74658lu9.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Radio Downloader - c:\program files\Radio Downloader\Radio Downloader.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-TSUScheduler - %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Shorten Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,24,93,f9,d7,46,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-13 13:19:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 12:19
.
Pre-Run: 255,334,838,272 bytes free
Post-Run: 255,328,968,704 bytes free
.
- - End Of File - - B77DF45F4871364DC5C49B520FC7D4F3
 
MSE is now claiming to be updated and is telling me of 2 potential threats:

Trojan:Win64/Sirefef
Trojan: Win64/Sirefef.W

Should I remove them as recommended by MSE?
 
Bobbye asked me to take a look here.

Please disable "word wrap" in Notepad as some of your logs are hard to read.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Thanks Broni and Bobbye. Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 15-06-2012 01
Ran by SYSTEM at 16-06-2012 08:52:17
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167256 2011-04-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391000 2011-04-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418136 2011-04-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-05-08] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1406248 2011-01-07] (Nero AG)
HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
HKU\R830-10C\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\R830-10C\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Services (Whitelisted) ======
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2012-03-09] (Adobe Systems)
2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-09] (Toshiba Europe GmbH)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
========================== Drivers (Whitelisted) =============
3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [42096 2010-10-18] (Atheros)
3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2010-01-19] (ZTE Incorporated)
2 mdvrmng; C:\Windows\SysWow64\Drivers\mdvrmng.sys [10240 2010-01-28] ()
2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [100352 2011-01-24] (REDC)
3 Ser2pl; C:\Windows\system32\drivers\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [18872 2010-06-18] (TOSHIBA Corporation)
3 ZTEusbmdm6k; C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [119680 2010-01-19] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\Drivers\ZTEusbnmea.sys [119680 2010-01-19] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\Drivers\ZTEusbser6k.sys [119680 2010-01-19] (ZTE Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Tosrfcom; [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-14 01:07 - 2012-06-12 08:01 - 00607260 ____R (Swearware) C:\Users\R830-10C\Desktop\dds.scr
2012-06-13 04:20 - 2012-06-13 04:20 - 00027086 ____A C:\Users\R830-10C\Desktop\combofix.txt
2012-06-13 04:19 - 2012-06-13 04:19 - 00027086 ____A C:\ComboFix.txt
2012-06-13 04:07 - 2012-06-13 04:17 - 00000000 ____D C:\Windows\ERDNT
2012-06-13 04:07 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-13 04:07 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-13 04:07 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-13 04:07 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-13 04:07 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-13 04:07 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-13 04:07 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-13 04:07 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-13 04:05 - 2012-06-13 04:19 - 00000000 ____D C:\Qoobox
2012-06-13 04:02 - 2012-06-13 04:02 - 04556459 ____R (Swearware) C:\Users\R830-10C\Desktop\ComboFix.exe
2012-06-13 03:58 - 2012-06-13 03:58 - 00000193 ____A C:\Users\R830-10C\Desktop\eset2011-06-13log.txt
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ___RD C:\Users\R830-10C\Documents\Scanned Documents
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\R830-10C\Documents\Fax
2012-06-12 20:57 - 2012-06-12 20:57 - 00065536 __ASH C:\Windows\System32\config\components{6c5f0c69-b513-11e1-ab90-e89d87adc928}.TxR.blf
2012-06-12 13:34 - 2012-06-16 08:52 - 00000000 ____D C:\FRST
2012-06-12 08:20 - 2012-06-12 08:20 - 00097155 ____A C:\Users\R830-10C\Desktop\oldAttach.txt
2012-06-12 08:20 - 2012-06-12 08:20 - 00023236 ____A C:\Users\R830-10C\Desktop\oldDDS.txt
2012-06-12 08:17 - 2012-06-12 08:17 - 00000000 ____A C:\Users\R830-10C\Desktop\gmer.log
2012-06-12 08:11 - 2012-06-12 08:11 - 00002040 ____A C:\Users\R830-10C\Desktop\mbam-log-2012-06-12 (17-08-06).txt
2012-06-12 08:07 - 2012-06-12 08:07 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Malwarebytes
2012-06-12 08:05 - 2012-06-12 21:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 08:05 - 2012-06-12 08:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 03:22 - 2012-06-12 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-11 15:18 - 2012-06-11 15:18 - 12621696 ____A (Microsoft Corporation) C:\Users\R830-10C\Downloads\mseinstall.exe
2012-06-11 15:18 - 2012-06-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 15:18 - 2012-06-11 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-11 07:38 - 2012-06-11 07:38 - 00000134 ____A C:\Users\R830-10C\Desktop\Microsoft Fix it.url
2012-06-11 07:31 - 2012-06-11 07:31 - 00347424 ____A (Microsoft Corporation) C:\Users\R830-10C\Downloads\MicrosoftFixit.wu.Run.exe
2012-06-07 11:04 - 2012-06-07 11:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-07 10:36 - 2012-06-07 10:36 - 00000046 ____A C:\Users\R830-10C\Downloads\Torrent downloaded from Demonoid.me.txt
2012-06-03 03:09 - 2012-06-13 21:19 - 00000000 ___RD C:\Users\R830-10C\Dropbox
2012-06-03 03:09 - 2012-06-03 03:09 - 00001059 ____A C:\Users\R830-10C\Desktop\Dropbox.lnk
2012-06-03 03:06 - 2012-06-13 21:26 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Dropbox
2012-05-30 04:06 - 2012-05-30 04:06 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Apple Computer
2012-05-30 00:44 - 2012-05-30 00:44 - 00000000 ____D C:\Program Files (x86)\WMP Tag Plus
2012-05-29 20:29 - 2012-05-29 20:29 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Apple Computer
2012-05-29 14:00 - 2012-05-29 14:00 - 00007145 ____A C:\Users\R830-10C\Documents\order_receipt_cd_final.php.htm
2012-05-29 14:00 - 2012-05-29 14:00 - 00000000 ____D C:\Users\R830-10C\Documents\order_receipt_cd_final.php_files
2012-05-29 07:50 - 2012-05-29 08:30 - 00000000 ____D C:\Users\R830-10C\Documents\Downloaded Radio
2012-05-29 07:49 - 2012-05-29 07:49 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\www.nerdoftheherd.com
2012-05-29 07:49 - 2012-05-29 07:49 - 00000000 ____D C:\Users\R830-10C\AppData\Local\www.nerdoftheherd.com
2012-05-29 07:24 - 2012-05-29 07:24 - 00001487 ____A C:\Users\R830-10C\Desktop\FLVExtract.lnk
2012-05-29 07:23 - 2012-05-29 07:24 - 00000000 ____D C:\Program Files (x86)\FLV_Extract_v1.6.2
2012-05-29 06:21 - 2012-05-29 06:22 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\FLV Extract
2012-05-29 05:59 - 2012-05-29 05:59 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-29 05:59 - 2012-05-29 05:59 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-29 05:59 - 2012-05-29 05:59 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Apple
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Users\All Users\Apple
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-29 05:36 - 2012-05-29 05:36 - 00001430 ____A C:\Users\R830-10C\Desktop\Free FLV to Audio Converter.lnk
2012-05-29 05:36 - 2012-05-29 05:36 - 00000000 ____D C:\Users\R830-10C\Documents\Topsevenreviews
2012-05-29 05:36 - 2012-05-29 05:36 - 00000000 ____D C:\Program Files (x86)\Topsevenreviews
2012-05-29 05:00 - 2012-05-29 05:00 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Applian
2012-05-29 04:36 - 2012-06-07 21:17 - 00000000 ____D C:\Users\R830-10C\Documents\My Streaming Media
2012-05-29 04:36 - 2012-05-29 04:36 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Jaksta_Technologies_Pty_L
2012-05-29 04:35 - 2012-06-07 11:14 - 00001316 ____A C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
2012-05-29 04:35 - 2011-06-25 16:56 - 00033888 ____A (Applian Technologies Inc.) C:\Windows\System32\Drivers\appliand.sys
2012-05-29 04:34 - 2012-05-29 04:36 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Replay Media Catcher 4
2012-05-29 04:34 - 2012-05-29 04:34 - 00000000 ____D C:\Users\All Users\Applian
2012-05-29 04:34 - 2012-05-29 04:34 - 00000000 ____D C:\Program Files (x86)\Applian Technologies
2012-05-24 06:21 - 2012-05-24 06:21 - 00000958 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-24 06:21 - 2012-05-24 06:21 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-24 06:19 - 2012-06-11 06:28 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\uTorrent
2012-05-20 21:10 - 2012-05-20 21:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 21:10 - 2012-05-20 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

============ 3 Months Modified Files and Folders =============
2012-06-16 08:52 - 2012-06-12 13:34 - 00000000 ____D C:\FRST
2012-06-15 23:49 - 2011-07-15 11:36 - 01265800 ____A C:\Windows\WindowsUpdate.log
2012-06-15 23:49 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-15 23:49 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-15 23:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-15 23:35 - 2012-04-08 09:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-15 23:35 - 2009-07-13 20:51 - 00038951 ____A C:\Windows\setupact.log
2012-06-15 23:34 - 2012-03-10 02:41 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\SoftGrid Client
2012-06-15 04:17 - 2009-07-13 21:13 - 00730554 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-15 04:03 - 2012-06-15 04:01 - 00018292 ____A C:\Users\R830-10C\Documents\LIVETAPE.txt
2012-06-13 21:26 - 2012-06-03 03:06 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Dropbox
2012-06-13 21:19 - 2012-06-03 03:09 - 00000000 ___RD C:\Users\R830-10C\Dropbox
2012-06-13 06:25 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-06-13 06:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-13 04:20 - 2012-06-13 04:20 - 00027086 ____A C:\Users\R830-10C\Desktop\combofix.txt
2012-06-13 04:19 - 2012-06-13 04:19 - 00027086 ____A C:\ComboFix.txt
2012-06-13 04:19 - 2012-06-13 04:05 - 00000000 ____D C:\Qoobox
2012-06-13 04:19 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-13 04:17 - 2012-06-13 04:07 - 00000000 ____D C:\Windows\ERDNT
2012-06-13 04:13 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-13 04:13 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-13 04:12 - 2012-03-09 17:15 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Free Download Manager
2012-06-13 04:12 - 2010-11-20 19:47 - 00010424 ____A C:\Windows\PFRO.log
2012-06-13 04:02 - 2012-06-13 04:02 - 04556459 ____R (Swearware) C:\Users\R830-10C\Desktop\ComboFix.exe
2012-06-13 03:58 - 2012-06-13 03:58 - 00000193 ____A C:\Users\R830-10C\Desktop\eset2011-06-13log.txt
2012-06-13 02:30 - 2012-03-10 01:43 - 00000000 ____D C:\My Music
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ___RD C:\Users\R830-10C\Documents\Scanned Documents
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\R830-10C\Documents\Fax
2012-06-12 21:42 - 2011-10-06 16:02 - 00000000 ____D C:\users\R830-10C
2012-06-12 21:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-12 21:04 - 2012-06-12 08:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 20:57 - 2012-06-12 20:57 - 00065536 __ASH C:\Windows\System32\config\components{6c5f0c69-b513-11e1-ab90-e89d87adc928}.TxR.blf
2012-06-12 12:08 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-12 10:49 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-12 08:20 - 2012-06-12 08:20 - 00097155 ____A C:\Users\R830-10C\Desktop\oldAttach.txt
2012-06-12 08:20 - 2012-06-12 08:20 - 00023236 ____A C:\Users\R830-10C\Desktop\oldDDS.txt
2012-06-12 08:17 - 2012-06-12 08:17 - 00000000 ____A C:\Users\R830-10C\Desktop\gmer.log
2012-06-12 08:11 - 2012-06-12 08:11 - 00002040 ____A C:\Users\R830-10C\Desktop\mbam-log-2012-06-12 (17-08-06).txt
2012-06-12 08:07 - 2012-06-12 08:07 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Malwarebytes
2012-06-12 08:05 - 2012-06-12 08:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 08:01 - 2012-06-14 01:07 - 00607260 ____R (Swearware) C:\Users\R830-10C\Desktop\dds.scr
2012-06-12 03:22 - 2012-06-12 03:22 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-11 15:30 - 2012-03-09 15:58 - 00000000 __SHD C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}
2012-06-11 15:19 - 2012-03-09 15:36 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-11 15:18 - 2012-06-11 15:18 - 12621696 ____A (Microsoft Corporation) C:\Users\R830-10C\Downloads\mseinstall.exe
2012-06-11 15:18 - 2012-06-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 15:18 - 2012-06-11 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-11 15:18 - 2012-03-09 15:35 - 00736096 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-11 15:14 - 2009-07-13 21:38 - 00067584 ___AS C:\Windows\bootstat(23).dat
2012-06-11 07:38 - 2012-06-11 07:38 - 00000134 ____A C:\Users\R830-10C\Desktop\Microsoft Fix it.url
2012-06-11 07:31 - 2012-06-11 07:31 - 00347424 ____A (Microsoft Corporation) C:\Users\R830-10C\Downloads\MicrosoftFixit.wu.Run.exe
2012-06-11 07:00 - 2012-03-25 00:28 - 00000000 ____D C:\Users\R830-10C\AppData\Local\ElevatedDiagnostics
2012-06-11 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-11 06:28 - 2012-05-24 06:19 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\uTorrent
2012-06-09 05:54 - 2012-05-13 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-09 05:53 - 2012-03-11 06:31 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Mp3tag
2012-06-08 03:44 - 2012-03-09 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-07 21:29 - 2012-04-17 04:02 - 00000000 ____D C:\My Pictures
2012-06-07 21:27 - 2011-08-04 02:47 - 00000000 ____D C:\Jukebox
2012-06-07 21:17 - 2012-05-29 04:36 - 00000000 ____D C:\Users\R830-10C\Documents\My Streaming Media
2012-06-07 11:14 - 2012-05-29 04:35 - 00001316 ____A C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
2012-06-07 11:04 - 2012-06-07 11:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-07 11:00 - 2011-10-06 16:02 - 00000000 ____D C:\Users\R830-10C\AppData\LocalLow
2012-06-07 10:36 - 2012-06-07 10:36 - 00000046 ____A C:\Users\R830-10C\Downloads\Torrent downloaded from Demonoid.me.txt
2012-06-07 04:13 - 2012-03-09 16:13 - 00000000 ____D C:\Users\R830-10C\Documents\My PSP8 Files
2012-06-06 04:38 - 2011-06-28 07:19 - 00000000 ____D C:\Alpha4 Data
2012-06-06 04:38 - 2011-06-28 03:06 - 00000000 ____D C:\DVD Decrypter
2012-06-03 03:09 - 2012-06-03 03:09 - 00001059 ____A C:\Users\R830-10C\Desktop\Dropbox.lnk
2012-05-30 04:06 - 2012-05-30 04:06 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Apple Computer
2012-05-30 00:59 - 2009-07-13 21:08 - 00023274 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-30 00:44 - 2012-05-30 00:44 - 00000000 ____D C:\Program Files (x86)\WMP Tag Plus
2012-05-29 20:29 - 2012-05-29 20:29 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Apple Computer
2012-05-29 14:00 - 2012-05-29 14:00 - 00007145 ____A C:\Users\R830-10C\Documents\order_receipt_cd_final.php.htm
2012-05-29 14:00 - 2012-05-29 14:00 - 00000000 ____D C:\Users\R830-10C\Documents\order_receipt_cd_final.php_files
2012-05-29 08:30 - 2012-05-29 07:50 - 00000000 ____D C:\Users\R830-10C\Documents\Downloaded Radio
2012-05-29 07:49 - 2012-05-29 07:49 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\www.nerdoftheherd.com
2012-05-29 07:49 - 2012-05-29 07:49 - 00000000 ____D C:\Users\R830-10C\AppData\Local\www.nerdoftheherd.com
2012-05-29 07:24 - 2012-05-29 07:24 - 00001487 ____A C:\Users\R830-10C\Desktop\FLVExtract.lnk
2012-05-29 07:24 - 2012-05-29 07:23 - 00000000 ____D C:\Program Files (x86)\FLV_Extract_v1.6.2
2012-05-29 06:22 - 2012-05-29 06:21 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\FLV Extract
2012-05-29 05:59 - 2012-05-29 05:59 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-29 05:59 - 2012-05-29 05:59 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-29 05:59 - 2012-05-29 05:59 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Apple
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Users\All Users\Apple
2012-05-29 05:58 - 2012-05-29 05:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-29 05:36 - 2012-05-29 05:36 - 00001430 ____A C:\Users\R830-10C\Desktop\Free FLV to Audio Converter.lnk
2012-05-29 05:36 - 2012-05-29 05:36 - 00000000 ____D C:\Users\R830-10C\Documents\Topsevenreviews
2012-05-29 05:36 - 2012-05-29 05:36 - 00000000 ____D C:\Program Files (x86)\Topsevenreviews
2012-05-29 05:00 - 2012-05-29 05:00 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Applian
2012-05-29 04:36 - 2012-05-29 04:36 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Jaksta_Technologies_Pty_L
2012-05-29 04:36 - 2012-05-29 04:34 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Replay Media Catcher 4
2012-05-29 04:34 - 2012-05-29 04:34 - 00000000 ____D C:\Users\All Users\Applian
2012-05-29 04:34 - 2012-05-29 04:34 - 00000000 ____D C:\Program Files (x86)\Applian Technologies
2012-05-24 06:21 - 2012-05-24 06:21 - 00000958 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-24 06:21 - 2012-05-24 06:21 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-20 21:10 - 2012-05-20 21:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 21:10 - 2012-05-20 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 07:36 - 2012-05-16 07:36 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Leadertech
2012-05-15 21:02 - 2011-10-06 08:08 - 00000000 ____D C:\Users\R830-10C\AppData\Local\VirtualStore
2012-05-13 01:51 - 2012-05-13 01:51 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-12 18:29 - 2009-07-13 20:45 - 00267560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 18:10 - 2012-03-09 14:03 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 18:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-05 10:35 - 2012-04-08 09:44 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 10:35 - 2012-04-08 09:03 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 10:35 - 2012-03-09 16:52 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-27 03:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-04-18 11:56 - 2012-04-18 11:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 11:56 - 2012-04-18 11:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-16 07:23 - 2012-03-09 15:33 - 00000000 ____D C:\Users\All Users\Toshiba
2012-04-12 18:42 - 2012-03-09 15:26 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-11 03:28 - 2012-04-11 03:28 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Nero_AG
2012-04-11 03:27 - 2012-04-11 03:27 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Nero
2012-04-11 03:27 - 2012-04-11 03:27 - 00000000 ____D C:\Users\R830-10C\AppData\Local\Nero
2012-04-11 01:50 - 2012-04-11 01:50 - 00001669 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-04-11 01:50 - 2012-04-11 01:50 - 00000000 ____D C:\Program Files\Recuva
2012-04-05 03:28 - 2011-10-06 08:08 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\Toshiba
2012-04-05 03:26 - 2012-04-05 03:26 - 00000000 ____D C:\Users\R830-10C\AppData\Local\{C5636744-F286-459E-92A6-F2C7448AD18A}
2012-04-03 04:03 - 2012-04-03 04:03 - 00000000 ____D C:\Users\R830-10C\AppData\Local\{F3561564-F682-43AC-80BB-5DC603AA84FA}
2012-04-03 04:03 - 2012-04-03 04:03 - 00000000 ____D C:\Users\R830-10C\AppData\Local\{5DDB77BA-B3C3-446C-B373-4212CC82B8B9}
2012-03-30 22:05 - 2012-05-12 17:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 17:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 17:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 17:50 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 17:49 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-25 08:47 - 2012-03-25 08:47 - 00000000 ____D C:\Users\R830-10C\AppData\Roaming\InstallShield
2012-03-20 11:44 - 2012-03-20 11:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 11:44 - 2012-03-20 11:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
ZeroAccess:
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\@
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\L
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\U
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\U\00000001.@
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\U\80000000.@
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\U\800000cb.@
ZeroAccess:
C:\Users\R830-10C\AppData\Local\VirtualStore
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)
C:\Users\R830-10C\AppData\Local\VirtualStore\ProgramData
C:\Users\R830-10C\AppData\Local\VirtualStore\U
C:\Users\R830-10C\AppData\Local\VirtualStore\Windows
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\AoA DVD Ripper
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\XVideoConverter
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\AoA DVD Ripper\setting.ini
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Learning Center
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Learning Center\Paint Shop Pro.chw
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\JascScriptMsgs.pyc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\JascScriptParse.pyc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\JascScriptPyBlocks.pyc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\JascTools.pyc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\locale.pyc
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\XVideoConverter\end.jpg
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\XVideoConverter\option.ini
C:\Users\R830-10C\AppData\Local\VirtualStore\Program Files (x86)\XVideoConverter\start.jpg
C:\Users\R830-10C\AppData\Local\VirtualStore\ProgramData\Microsoft
C:\Users\R830-10C\AppData\Local\VirtualStore\ProgramData\Microsoft\HTML Help
C:\Users\R830-10C\AppData\Local\VirtualStore\Windows\AoADVDRipper.INI
ZeroAccess:
C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}
C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\@
C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\L
C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
C:\Windows\SysWOW64\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-05-08 15:01] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 9%
Total physical RAM: 8095.43 MB
Available physical RAM: 7314.68 MB
Total Pagefile: 8093.63 MB
Available Pagefile: 7297.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (TI30780500A) (Fixed) (Total:282.45 GB) (Free:241.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.71 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1910 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 282 GB 1501 MB
Partition 3 Primary 14 GB 283 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI30780500A NTFS Partition 282 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 64 KB
======================================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1909 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-07 15:01
======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

volsnap.sys;svchost.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Here is the search.txt log:

Farbar Recovery Scan Tool Version: 15-06-2012 01
Ran by SYSTEM at 2012-06-16 16:39:25
Running from F:\
================== Search: "volsnap.sys;svchost.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:07] - 0021504 ____A (Microsoft Corporation) A91A288C91F9D9F1CFA4FAA9893C4D55
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
[2011-05-08 15:01] - [2011-02-24 22:28] - 0296320 ____A (Microsoft Corporation) 879CE6AEA3FE874AD4C500B6B6198EB0
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys
[2011-05-08 15:01] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010-11-20 19:23] - [2010-11-20 19:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:10] - 0027648 ____A (Microsoft Corporation) 635455A95EB8EC47AC72142E501465ED
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\svchost.exe
[2011-05-08 15:01] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
[2011-05-08 15:01] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010-11-20 19:23] - [2010-11-20 19:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\System32\drivers\volsnap.sys
[2011-05-08 15:01] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B
C:\Windows\ERDNT\cache86\svchost.exe
[2012-06-13 04:17] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\ERDNT\cache64\svchost.exe
[2012-06-13 04:17] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 

Attachments

  • fixlist.txt
    565 bytes · Views: 1
Done. Log below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-06-2012 01
Ran by SYSTEM at 2012-06-16 17:22:59 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{1c09dfac-831f-9bb6-02a2-a70c71aea57a} moved successfully.
C:\Users\R830-10C\AppData\Local\VirtualStore moved successfully.
C:\Users\R830-10C\AppData\Local\{1c09dfac-831f-9bb6-02a2-a70c71aea57a} moved successfully.
C:\Windows\System32\svchost.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe copied successfully to C:\Windows\System32\svchost.exe
C:\Windows\System32\drivers\volsnap.sys moved successfully.
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys copied successfully to C:\Windows\System32\drivers\volsnap.sys
==== End of Fixlog ====
 
Good :)

Restart normally, let me know if MSE is still complaining and post new Combofix log.
 
MSE not complaining after restart. Reran Combofix and log attached. However, since running Combofix next to nothing is working on laptop. When trying to start most applications I get the following error: Illegal Opration attempted on a registry key that has been marked for deletion.

Combofix log:

ComboFix 12-06-15.06 - R830-10C 16/06/2012 18:40:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8095.6459 [GMT 1:00]
Running from: c:\users\R830-10C\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 17:47 . 2012-06-16 17:47 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B077BC3F-D573-430B-9BF3-159EFD5AD1D8}\offreg.dll
2012-06-16 17:46 . 2012-06-16 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\users\R830-10C\AppData\Local\VirtualStore
2012-06-14 11:47 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B077BC3F-D573-430B-9BF3-159EFD5AD1D8}\mpengine.dll
2012-06-13 12:29 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 11:07 . 2012-06-13 11:07 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C41552B4-0E47-4B18-B950-CBCADFDB9FDA}\gapaengine.dll
2012-06-12 21:34 . 2012-06-16 16:53 -------- d-----w- C:\FRST
2012-06-12 16:07 . 2012-06-12 16:07 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Malwarebytes
2012-06-12 16:05 . 2012-06-12 16:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 16:05 . 2012-06-13 05:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-12 11:22 . 2012-06-12 11:22 -------- d-----w- c:\program files (x86)\ESET
2012-06-11 23:18 . 2012-06-11 23:18 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-11 23:18 . 2012-06-11 23:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-08 11:44 . 2012-06-08 11:44 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 11:44 . 2012-06-08 11:44 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 19:04 . 2012-06-07 19:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-03 11:09 . 2012-06-14 05:19 -------- d-----r- c:\users\R830-10C\Dropbox
2012-06-03 11:06 . 2012-06-14 05:26 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Dropbox
2012-05-30 12:06 . 2012-05-30 12:06 -------- d-----w- c:\users\R830-10C\AppData\Local\Apple Computer
2012-05-30 08:44 . 2012-05-30 08:44 -------- d-----w- c:\program files (x86)\WMP Tag Plus
2012-05-30 08:44 . 2012-05-04 21:17 104960 ----a-w- c:\program files (x86)\Windows Media Player\wmp.dll
2012-05-30 04:29 . 2012-05-30 04:29 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Apple Computer
2012-05-29 15:49 . 2012-05-29 15:49 -------- d-----w- c:\users\R830-10C\AppData\Local\www.nerdoftheherd.com
2012-05-29 15:49 . 2012-05-29 15:49 -------- d-----w- c:\users\R830-10C\AppData\Roaming\www.nerdoftheherd.com
2012-05-29 15:23 . 2012-05-29 15:24 -------- d-----w- c:\program files (x86)\FLV_Extract_v1.6.2
2012-05-29 14:21 . 2012-05-29 14:22 -------- d-----w- c:\users\R830-10C\AppData\Roaming\FLV Extract
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-29 13:59 . 2012-05-29 13:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-29 13:59 . 2012-05-29 13:59 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-29 13:59 . 2012-05-29 13:59 -------- d-----w- c:\programdata\Apple Computer
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\users\R830-10C\AppData\Local\Apple
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-29 13:58 . 2012-05-29 13:58 -------- d-----w- c:\programdata\Apple
2012-05-29 13:36 . 2012-05-29 13:36 -------- d-----w- c:\program files (x86)\Topsevenreviews
2012-05-29 13:00 . 2012-05-29 13:00 -------- d-----w- c:\users\R830-10C\AppData\Local\Applian
2012-05-29 12:36 . 2012-05-29 12:36 -------- d-----w- c:\users\R830-10C\AppData\Local\Jaksta_Technologies_Pty_L
2012-05-29 12:35 . 2011-06-26 00:56 33888 ----a-w- c:\windows\system32\drivers\appliand.sys
2012-05-29 12:34 . 2012-05-29 12:34 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-05-29 12:34 . 2012-05-29 12:36 -------- d-----w- c:\users\R830-10C\AppData\Roaming\Replay Media Catcher 4
2012-05-29 12:34 . 2012-05-29 12:34 -------- d-----w- c:\programdata\Applian
2012-05-24 14:21 . 2012-05-24 14:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-24 14:19 . 2012-06-11 14:28 -------- d-----w- c:\users\R830-10C\AppData\Roaming\uTorrent
2012-05-21 05:10 . 2012-05-21 05:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 05:10 . 2012-05-21 05:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:35 . 2012-04-08 17:03 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:35 . 2012-03-10 00:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:35 . 2012-04-08 17:44 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-13 01:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-13 01:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-13 01:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-13 01:50 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-13 01:49 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-13_12.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-16 17:49 50694 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-16 17:49 34170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-08 23:01 . 2009-07-14 01:39 27136 c:\windows\system32\svchost.exe
+ 2012-03-09 22:49 . 2012-06-13 12:28 5710 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-07 00:03 . 2012-06-16 17:49 8310 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4274466072-2097155775-4171246916-1000_UserData.bin
+ 2012-06-16 17:47 . 2012-06-16 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-13 12:13 . 2012-06-13 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-13 12:13 . 2012-06-13 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-16 17:47 . 2012-06-16 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-07 00:00 . 2012-06-16 07:48 252608 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-16 17:42 631004 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-13 10:42 631004 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-13 10:42 111798 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-16 17:42 111798 c:\windows\system32\perfc009.dat
+ 2011-05-08 23:01 . 2010-11-21 03:23 295808 c:\windows\system32\drivers\volsnap.sys
- 2011-10-06 16:06 . 2012-06-13 05:14 409600 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-06 16:06 . 2012-06-13 13:07 409600 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-16 17:46 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-13 12:12 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-06 16:06 . 2012-06-13 05:14 4947968 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-06 16:06 . 2012-06-13 13:07 4947968 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-06 16:09 . 2012-06-09 13:53 1931536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-06 16:09 . 2012-06-16 07:34 1931536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-09 17:26 . 2012-06-13 12:12 1952740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4274466072-2097155775-4171246916-1000-4096.dat
+ 2012-03-09 17:26 . 2012-06-16 07:34 1952740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4274466072-2097155775-4171246916-1000-4096.dat
- 2009-07-14 04:54 . 2012-06-13 05:14 15253504 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-13 13:07 15253504 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-06 16:09 . 2012-06-16 17:46 12248536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4274466072-2097155775-4171246916-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-17 2475384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\R830-10C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-9 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\R830-10C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-08 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\R830-10C\AppData\Roaming\Mozilla\Firefox\Profiles\74658lu9.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,24,93,f9,d7,46,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-16 18:52:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 17:52
ComboFix2.txt 2012-06-13 12:19
.
Pre-Run: 258,616,852,480 bytes free
Post-Run: 258,629,582,848 bytes free
.
- - End Of File - - 5FBC296746680D1C4D7801DBE7A7AE46
 
Good news :)

Illegal Opration attempted on a registry key that has been marked for deletion.
Click to expand...
Restart computer to fix the issue.

Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Reboot fixed the problem. No further issues.

Part 1 of OTL.txt:

OTL logfile created on: 6/17/2012 12:43:21 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\R830-10C\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.91 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 81.85% Memory free
15.81 Gb Paging File | 14.18 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.45 Gb Total Space | 240.59 Gb Free Space | 85.18% Space Free | Partition Type: NTFS

Computer Name: R830-10C-TOSH | User Name: R830-10C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 00:39:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\R830-10C\Desktop\OTL.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/21 02:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 02:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 22:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/07/29 04:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/22 21:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/03/11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/07 21:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/06 03:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/25 04:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/10 01:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 23:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/08 12:44:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/05 19:35:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/01/14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/12/21 02:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/21 02:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/12 18:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 00:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011/06/26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011/04/05 04:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/02 02:26:40 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/04 03:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 23:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/24 21:56:00 | 000,100,352 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 03:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/02 17:49:08 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/18 22:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/01/19 12:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 20:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 00:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 18:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/23 01:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {473023DB-D078-48EE-A10B-2C580CC6F8A2}
IE:64bit: - HKLM\..\SearchScopes\{473023DB-D078-48EE-A10B-2C580CC6F8A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {473023DB-D078-48EE-A10B-2C580CC6F8A2}
IE - HKLM\..\SearchScopes\{473023DB-D078-48EE-A10B-2C580CC6F8A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\..\SearchScopes,DefaultScope = {7588743E-A7DE-4154-8484-0F8FEB1827BF}
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\..\SearchScopes\{5AD8DE58-1A73-4B81-B012-2E402C23C2DD}: "URL" = http://www.amazon.co.uk/gp/search?i...-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\..\SearchScopes\{7588743E-A7DE-4154-8484-0F8FEB1827BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\..\SearchScopes\{B06359D7-8FD1-4A86-A8E6-6597E457615D}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/08 12:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/08 12:44:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/10 01:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\R830-10C\AppData\Roaming\mozilla\Extensions
[2012/05/06 00:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\R830-10C\AppData\Roaming\mozilla\Firefox\Profiles\74658lu9.default\extensions
[2012/03/10 01:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/13 16:03:56 | 000,027,292 | ---- | M] () (No name found) -- C:\USERS\R830-10C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74658LU9.DEFAULT\EXTENSIONS\FURKUPLOADER@FURK.NET.XPI
[2012/06/08 12:44:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/13 10:51:43 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/13 10:51:43 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/13 10:51:43 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/13 10:51:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/13 10:51:43 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/06/16 18:47:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\R830-10C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4274466072-2097155775-4171246916-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34508C95-F4FD-4F20-BE77-41EF3F1B1333}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
You must log in or register to reply here.

Similar threads

J
Need help with BSOD Event ID 41
Replies
1
Views
1K
Kshipper
Kshipper
E
Camera on Toshiba laptop suddenly not working; appropriate drivers from Techspot
Replies
6
Views
3K
Kshipper
Kshipper
J
  • Locked
Inactive Is there anything to fix this problem? on laptop?
Replies
2
Views
1K
Broni
Broni

Latest posts

Back