Jump to content

HJT will not save log


Recommended Posts

I am having a similar problem on my Windows7 PC... Had Hijack this previously loaded, but it no longer will save a logfile.... Went to control panel and chose repair.... No fix. Deleted that installation of Hijack this and downloaded the new installer for Ver. 2.0.4 and reinstalled... Same problem... Downloaded RogueKiller and performed scan ... Report attached

RogueKiller V7.0.3 [02/06/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: MLMLM [Admin rights]

Mode: Scan -- Date : 02/07/2012 04:46:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSXN +++++

--- User ---

[MBR] b8804eb13f2b03ef79e221133212af7b

[bSP] cf81b80618fd166be3ab24b66ded586c : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594520 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1220651008 | Size: 14459 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

RKreport1.txt

Edited by Maurice Naggar
RogueKiller report put In-Line
Link to post
Share on other sites

Hello,

Your system appears to have the Alureon bootkit infection.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

IF you have a recent full-image backup from before the infection, the fastest (safest) thing is to restore from that image.

Do you have one?

We can remove the bootkit but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.

Link to post
Share on other sites

We generally do not use Hijackthis (just as an aside). Yes the bootkit has to be cleared up !!

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button 4f6cbd09-148c-4dd8-b1f2-48f232a2fd33.jpg , and then click Control Panel >> Appearance and Personalization >> Folder Options.
  • Click the View tab.
    Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
  • Click Apply > OK.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan. On this scan, I only want a report. Do not do any fix !

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply using Copy & Paste into reply box.

Link to post
Share on other sites

Thank you again for your assistance....

I have followed your instructions and have posted the results of the AnswMBR report below...

When the scan completed the "FIX" button was "NOT" enabled

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software

Run date: 2012-02-07 18:57:53

-----------------------------

18:57:53.630 OS Version: Windows x64 6.1.7601 Service Pack 1

18:57:53.630 Number of processors: 4 586 0x2A07

18:57:53.630 ComputerName: OWNER-PC UserName: MLMLM

18:58:53.250 Initialize success

19:06:44.727 AVAST engine defs: 12020701

19:07:51.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

19:07:51.570 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 3

19:07:51.600 Disk 0 MBR read successfully

19:07:51.610 Disk 0 MBR scan

19:07:51.620 Disk 0 Windows VISTA default MBR code

19:07:51.630 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

19:07:51.650 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594520 MB offset 3074048

19:07:51.690 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14459 MB offset 1220651008

19:07:51.700 Service scanning

19:07:52.392 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5

19:07:52.408 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5

19:07:52.408 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5

19:07:52.408 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5

19:07:53.063 Modules scanning

19:07:53.079 Scan finished successfully

19:09:09.643 Disk 0 MBR has been saved successfully to "C:\Users\MLMLM\Desktop\MBR.dat"

19:09:09.643 The log file has been saved successfully to "C:\Users\MLMLM\Desktop\aswMBR.txt"

************************************************************

The results of the TDSSKiller program as listed below....

19:19:55.0489 6884 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

19:19:56.0339 6884 ============================================================

19:19:56.0339 6884 Current date / time: 2012/02/07 19:19:56.0339

19:19:56.0339 6884 SystemInfo:

19:19:56.0339 6884

19:19:56.0339 6884 OS Version: 6.1.7601 ServicePack: 1.0

19:19:56.0339 6884 Product type: Workstation

19:19:56.0339 6884 ComputerName: OWNER-PC

19:19:56.0339 6884 UserName: MLMLM

19:19:56.0339 6884 Windows directory: C:\windows

19:19:56.0339 6884 System windows directory: C:\windows

19:19:56.0339 6884 Running under WOW64

19:19:56.0339 6884 Processor architecture: Intel x64

19:19:56.0339 6884 Number of processors: 4

19:19:56.0339 6884 Page size: 0x1000

19:19:56.0339 6884 Boot type: Normal boot

19:19:56.0339 6884 ============================================================

19:19:56.0689 6884 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:19:56.0699 6884 \Device\Harddisk0\DR0:

19:19:56.0699 6884 MBR used

19:19:56.0699 6884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4892C000

19:19:56.0709 6884 Initialize success

19:19:56.0709 6884 ============================================================

19:20:06.0287 6172 ============================================================

19:20:06.0287 6172 Scan started

19:20:06.0287 6172 Mode: Manual;

19:20:06.0287 6172 ============================================================

19:20:08.0003 6172 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

19:20:08.0003 6172 1394ohci - ok

19:20:08.0093 6172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

19:20:08.0093 6172 ACPI - ok

19:20:08.0193 6172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

19:20:08.0193 6172 AcpiPmi - ok

19:20:08.0323 6172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

19:20:08.0333 6172 adp94xx - ok

19:20:08.0453 6172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

19:20:08.0463 6172 adpahci - ok

19:20:08.0563 6172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

19:20:08.0563 6172 adpu320 - ok

19:20:08.0673 6172 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys

19:20:08.0673 6172 AFD - ok

19:20:08.0763 6172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

19:20:08.0763 6172 agp440 - ok

19:20:08.0873 6172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

19:20:08.0873 6172 aliide - ok

19:20:08.0973 6172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

19:20:08.0973 6172 amdide - ok

19:20:09.0070 6172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

19:20:09.0070 6172 AmdK8 - ok

19:20:09.0164 6172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

19:20:09.0164 6172 AmdPPM - ok

19:20:09.0257 6172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

19:20:09.0257 6172 amdsata - ok

19:20:09.0367 6172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

19:20:09.0382 6172 amdsbs - ok

19:20:09.0476 6172 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

19:20:09.0476 6172 amdxata - ok

19:20:09.0554 6172 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

19:20:09.0554 6172 AppID - ok

19:20:09.0647 6172 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

19:20:09.0647 6172 arc - ok

19:20:09.0725 6172 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

19:20:09.0741 6172 arcsas - ok

19:20:09.0835 6172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

19:20:09.0835 6172 AsyncMac - ok

19:20:09.0928 6172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

19:20:09.0944 6172 atapi - ok

19:20:10.0084 6172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

19:20:10.0084 6172 b06bdrv - ok

19:20:10.0193 6172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

19:20:10.0193 6172 b57nd60a - ok

19:20:10.0287 6172 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

19:20:10.0287 6172 Beep - ok

19:20:10.0396 6172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys

19:20:10.0396 6172 blbdrive - ok

19:20:10.0490 6172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

19:20:10.0490 6172 bowser - ok

19:20:10.0599 6172 bpenum (3dcb409bcbd02ab0675682f8e42a410f) C:\windows\system32\DRIVERS\bpenum.sys

19:20:10.0599 6172 bpenum - ok

19:20:10.0693 6172 bpmp (6c66eef6669b14df4f426990a1ca5112) C:\windows\system32\DRIVERS\bpmp.sys

19:20:10.0708 6172 bpmp - ok

19:20:10.0849 6172 bpusb (2ee68405bbade51cbe1c973ff3a1a400) C:\windows\system32\Drivers\bpusb.sys

19:20:10.0849 6172 bpusb - ok

19:20:10.0942 6172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

19:20:10.0958 6172 BrFiltLo - ok

19:20:11.0036 6172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

19:20:11.0051 6172 BrFiltUp - ok

19:20:11.0129 6172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

19:20:11.0145 6172 Brserid - ok

19:20:11.0239 6172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

19:20:11.0239 6172 BrSerWdm - ok

19:20:11.0363 6172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

19:20:11.0379 6172 BrUsbMdm - ok

19:20:11.0473 6172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

19:20:11.0473 6172 BrUsbSer - ok

19:20:11.0566 6172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

19:20:11.0566 6172 BTHMODEM - ok

19:20:11.0675 6172 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

19:20:11.0675 6172 cdfs - ok

19:20:11.0785 6172 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

19:20:11.0785 6172 cdrom - ok

19:20:11.0909 6172 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys

19:20:11.0909 6172 CeKbFilter - ok

19:20:12.0065 6172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

19:20:12.0081 6172 circlass - ok

19:20:12.0175 6172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

19:20:12.0190 6172 CLFS - ok

19:20:12.0331 6172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys

19:20:12.0331 6172 CmBatt - ok

19:20:12.0424 6172 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

19:20:12.0424 6172 cmdide - ok

19:20:12.0565 6172 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

19:20:12.0565 6172 CNG - ok

19:20:12.0705 6172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

19:20:12.0705 6172 Compbatt - ok

19:20:12.0799 6172 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

19:20:12.0799 6172 CompositeBus - ok

19:20:12.0908 6172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

19:20:12.0923 6172 crcdisk - ok

19:20:13.0048 6172 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

19:20:13.0048 6172 DfsC - ok

19:20:13.0142 6172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

19:20:13.0142 6172 discache - ok

19:20:13.0267 6172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

19:20:13.0267 6172 Disk - ok

19:20:13.0407 6172 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

19:20:13.0407 6172 drmkaud - ok

19:20:13.0547 6172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

19:20:13.0563 6172 DXGKrnl - ok

19:20:13.0719 6172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

19:20:13.0859 6172 ebdrv - ok

19:20:13.0953 6172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

19:20:13.0969 6172 elxstor - ok

19:20:14.0062 6172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

19:20:14.0062 6172 ErrDev - ok

19:20:14.0180 6172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

19:20:14.0190 6172 exfat - ok

19:20:14.0290 6172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

19:20:14.0290 6172 fastfat - ok

19:20:14.0390 6172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

19:20:14.0400 6172 fdc - ok

19:20:14.0490 6172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

19:20:14.0500 6172 FileInfo - ok

19:20:14.0620 6172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

19:20:14.0620 6172 Filetrace - ok

19:20:14.0700 6172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

19:20:14.0710 6172 flpydisk - ok

19:20:14.0810 6172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

19:20:14.0820 6172 FltMgr - ok

19:20:14.0910 6172 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

19:20:14.0910 6172 FsDepends - ok

19:20:15.0020 6172 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

19:20:15.0020 6172 Fs_Rec - ok

19:20:15.0120 6172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

19:20:15.0130 6172 fvevol - ok

19:20:15.0210 6172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

19:20:15.0220 6172 gagp30kx - ok

19:20:15.0350 6172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

19:20:15.0360 6172 hcw85cir - ok

19:20:15.0470 6172 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

19:20:15.0480 6172 HdAudAddService - ok

19:20:15.0590 6172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

19:20:15.0590 6172 HDAudBus - ok

19:20:15.0690 6172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

19:20:15.0700 6172 HidBatt - ok

19:20:15.0770 6172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

19:20:15.0780 6172 HidBth - ok

19:20:15.0860 6172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

19:20:15.0860 6172 HidIr - ok

19:20:16.0000 6172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

19:20:16.0000 6172 HidUsb - ok

19:20:16.0110 6172 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

19:20:16.0110 6172 HpSAMD - ok

19:20:16.0220 6172 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

19:20:16.0230 6172 HTTP - ok

19:20:16.0300 6172 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

19:20:16.0300 6172 hwpolicy - ok

19:20:16.0420 6172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

19:20:16.0420 6172 i8042prt - ok

19:20:16.0570 6172 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

19:20:16.0580 6172 iaStor - ok

19:20:16.0700 6172 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

19:20:16.0710 6172 iaStorV - ok

19:20:17.0040 6172 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys

19:20:17.0090 6172 igfx - ok

19:20:17.0170 6172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

19:20:17.0180 6172 iirsp - ok

19:20:17.0330 6172 IntcAzAudAddService (ac9aafd18e4d52084c4aa8a38795b7e4) C:\windows\system32\drivers\RTKVHD64.sys

19:20:17.0340 6172 IntcAzAudAddService - ok

19:20:17.0440 6172 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

19:20:17.0450 6172 IntcDAud - ok

19:20:17.0520 6172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

19:20:17.0530 6172 intelide - ok

19:20:17.0610 6172 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

19:20:17.0610 6172 intelppm - ok

19:20:17.0700 6172 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:20:17.0700 6172 IpFilterDriver - ok

19:20:17.0800 6172 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

19:20:17.0810 6172 IPMIDRV - ok

19:20:17.0910 6172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

19:20:17.0910 6172 IPNAT - ok

19:20:18.0010 6172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

19:20:18.0010 6172 IRENUM - ok

19:20:18.0130 6172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

19:20:18.0130 6172 isapnp - ok

19:20:18.0230 6172 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

19:20:18.0240 6172 iScsiPrt - ok

19:20:18.0380 6172 JMCR (25d602ae635a0443458fbed1a8b6e4e9) C:\windows\system32\DRIVERS\jmcr.sys

19:20:18.0390 6172 JMCR - ok

19:20:18.0480 6172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

19:20:18.0480 6172 kbdclass - ok

19:20:18.0580 6172 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

19:20:18.0590 6172 kbdhid - ok

19:20:18.0700 6172 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys

19:20:18.0710 6172 KL1 - ok

19:20:18.0870 6172 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys

19:20:18.0870 6172 kl2 - ok

19:20:18.0990 6172 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\windows\system32\DRIVERS\klif.sys

19:20:19.0000 6172 KLIF - ok

19:20:19.0100 6172 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys

19:20:19.0110 6172 KLIM6 - ok

19:20:19.0180 6172 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys

19:20:19.0190 6172 klmouflt - ok

19:20:19.0270 6172 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

19:20:19.0280 6172 KSecDD - ok

19:20:19.0380 6172 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

19:20:19.0380 6172 KSecPkg - ok

19:20:19.0460 6172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

19:20:19.0460 6172 ksthunk - ok

19:20:19.0590 6172 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

19:20:19.0600 6172 Lavasoft Kernexplorer - ok

19:20:19.0730 6172 Lbd (c8b3131857931ae76798a741cc52b021) C:\windows\system32\DRIVERS\Lbd.sys

19:20:19.0740 6172 Lbd - ok

19:20:19.0850 6172 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

19:20:19.0860 6172 lltdio - ok

19:20:19.0970 6172 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys

19:20:19.0970 6172 LPCFilter - ok

19:20:20.0060 6172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

19:20:20.0070 6172 LSI_FC - ok

19:20:20.0170 6172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

19:20:20.0180 6172 LSI_SAS - ok

19:20:20.0260 6172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

19:20:20.0260 6172 LSI_SAS2 - ok

19:20:20.0360 6172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

19:20:20.0360 6172 LSI_SCSI - ok

19:20:20.0460 6172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

19:20:20.0460 6172 luafv - ok

19:20:20.0530 6172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

19:20:20.0540 6172 megasas - ok

19:20:20.0640 6172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

19:20:20.0650 6172 MegaSR - ok

19:20:20.0750 6172 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

19:20:20.0750 6172 MEIx64 - ok

19:20:20.0840 6172 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

19:20:20.0840 6172 Modem - ok

19:20:20.0940 6172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

19:20:20.0940 6172 monitor - ok

19:20:21.0030 6172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

19:20:21.0030 6172 mouclass - ok

19:20:21.0120 6172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys

19:20:21.0120 6172 mouhid - ok

19:20:21.0210 6172 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

19:20:21.0210 6172 mountmgr - ok

19:20:21.0310 6172 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

19:20:21.0310 6172 mpio - ok

19:20:21.0400 6172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

19:20:21.0400 6172 mpsdrv - ok

19:20:21.0480 6172 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

19:20:21.0480 6172 MRxDAV - ok

19:20:21.0570 6172 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

19:20:21.0570 6172 mrxsmb - ok

19:20:21.0660 6172 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

19:20:21.0660 6172 mrxsmb10 - ok

19:20:21.0770 6172 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

19:20:21.0780 6172 mrxsmb20 - ok

19:20:21.0870 6172 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

19:20:21.0870 6172 msahci - ok

19:20:21.0980 6172 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

19:20:21.0980 6172 msdsm - ok

19:20:22.0100 6172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

19:20:22.0100 6172 Msfs - ok

19:20:22.0210 6172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

19:20:22.0210 6172 mshidkmdf - ok

19:20:22.0280 6172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

19:20:22.0280 6172 msisadrv - ok

19:20:22.0360 6172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

19:20:22.0360 6172 MSKSSRV - ok

19:20:22.0440 6172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

19:20:22.0440 6172 MSPCLOCK - ok

19:20:22.0470 6172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

19:20:22.0470 6172 MSPQM - ok

19:20:22.0580 6172 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

19:20:22.0590 6172 MsRPC - ok

19:20:22.0670 6172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

19:20:22.0670 6172 mssmbios - ok

19:20:22.0750 6172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

19:20:22.0750 6172 MSTEE - ok

19:20:22.0820 6172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

19:20:22.0830 6172 MTConfig - ok

19:20:22.0910 6172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

19:20:22.0910 6172 Mup - ok

19:20:23.0030 6172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

19:20:23.0040 6172 NativeWifiP - ok

19:20:23.0170 6172 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

19:20:23.0180 6172 NDIS - ok

19:20:23.0280 6172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

19:20:23.0280 6172 NdisCap - ok

19:20:23.0370 6172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

19:20:23.0370 6172 NdisTapi - ok

19:20:23.0460 6172 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

19:20:23.0460 6172 Ndisuio - ok

19:20:23.0540 6172 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

19:20:23.0550 6172 NdisWan - ok

19:20:23.0620 6172 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

19:20:23.0630 6172 NDProxy - ok

19:20:23.0710 6172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

19:20:23.0720 6172 NetBIOS - ok

19:20:23.0820 6172 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

19:20:23.0820 6172 NetBT - ok

19:20:24.0140 6172 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys

19:20:24.0180 6172 NETwNs64 - ok

19:20:24.0260 6172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

19:20:24.0270 6172 nfrd960 - ok

19:20:24.0380 6172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

19:20:24.0390 6172 Npfs - ok

19:20:24.0470 6172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

19:20:24.0470 6172 nsiproxy - ok

19:20:24.0597 6172 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

19:20:24.0613 6172 Ntfs - ok

19:20:24.0691 6172 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

19:20:24.0691 6172 Null - ok

19:20:24.0800 6172 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys

19:20:24.0800 6172 nusb3hub - ok

19:20:24.0878 6172 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys

19:20:24.0878 6172 nusb3xhc - ok

19:20:24.0987 6172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

19:20:24.0987 6172 nvraid - ok

19:20:25.0096 6172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

19:20:25.0112 6172 nvstor - ok

19:20:25.0190 6172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

19:20:25.0190 6172 nv_agp - ok

19:20:25.0283 6172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

19:20:25.0283 6172 ohci1394 - ok

19:20:25.0408 6172 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

19:20:25.0408 6172 Parport - ok

19:20:25.0502 6172 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

19:20:25.0502 6172 partmgr - ok

19:20:25.0595 6172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

19:20:25.0595 6172 pci - ok

19:20:25.0705 6172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

19:20:25.0720 6172 pciide - ok

19:20:25.0814 6172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

19:20:25.0814 6172 pcmcia - ok

19:20:25.0923 6172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

19:20:25.0923 6172 pcw - ok

19:20:26.0017 6172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

19:20:26.0017 6172 PEAUTH - ok

19:20:26.0173 6172 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

19:20:26.0173 6172 PGEffect - ok

19:20:26.0282 6172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

19:20:26.0282 6172 PptpMiniport - ok

19:20:26.0360 6172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

19:20:26.0360 6172 Processor - ok

19:20:26.0516 6172 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

19:20:26.0531 6172 Psched - ok

19:20:26.0625 6172 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys

19:20:26.0641 6172 PxHlpa64 - ok

19:20:26.0750 6172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

19:20:26.0765 6172 ql2300 - ok

19:20:26.0843 6172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

19:20:26.0859 6172 ql40xx - ok

19:20:26.0937 6172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

19:20:26.0937 6172 QWAVEdrv - ok

19:20:27.0015 6172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

19:20:27.0015 6172 RasAcd - ok

19:20:27.0109 6172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

19:20:27.0109 6172 RasAgileVpn - ok

19:20:27.0207 6172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

19:20:27.0217 6172 Rasl2tp - ok

19:20:27.0317 6172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

19:20:27.0317 6172 RasPppoe - ok

19:20:27.0397 6172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

19:20:27.0397 6172 RasSstp - ok

19:20:27.0477 6172 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

19:20:27.0477 6172 rdbss - ok

19:20:27.0577 6172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

19:20:27.0577 6172 rdpbus - ok

19:20:27.0677 6172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

19:20:27.0677 6172 RDPCDD - ok

19:20:27.0757 6172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

19:20:27.0767 6172 RDPENCDD - ok

19:20:27.0827 6172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

19:20:27.0827 6172 RDPREFMP - ok

19:20:27.0857 6172 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

19:20:27.0857 6172 RDPWD - ok

19:20:27.0937 6172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

19:20:27.0947 6172 rdyboost - ok

19:20:28.0057 6172 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys

19:20:28.0057 6172 regi - ok

19:20:28.0177 6172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

19:20:28.0187 6172 rspndr - ok

19:20:28.0317 6172 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys

19:20:28.0317 6172 RTL8167 - ok

19:20:28.0417 6172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

19:20:28.0427 6172 sbp2port - ok

19:20:28.0557 6172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

19:20:28.0557 6172 scfilter - ok

19:20:28.0657 6172 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys

19:20:28.0657 6172 sdbus - ok

19:20:28.0747 6172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

19:20:28.0757 6172 secdrv - ok

19:20:28.0837 6172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

19:20:28.0847 6172 Serenum - ok

19:20:28.0937 6172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

19:20:28.0937 6172 Serial - ok

19:20:29.0027 6172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

19:20:29.0037 6172 sermouse - ok

19:20:29.0127 6172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

19:20:29.0137 6172 sffdisk - ok

19:20:29.0232 6172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

19:20:29.0232 6172 sffp_mmc - ok

19:20:29.0310 6172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

19:20:29.0326 6172 sffp_sd - ok

19:20:29.0419 6172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

19:20:29.0419 6172 sfloppy - ok

19:20:29.0513 6172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

19:20:29.0513 6172 SiSRaid2 - ok

19:20:29.0591 6172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

19:20:29.0591 6172 SiSRaid4 - ok

19:20:29.0685 6172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

19:20:29.0685 6172 Smb - ok

19:20:29.0809 6172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

19:20:29.0809 6172 spldr - ok

19:20:29.0919 6172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

19:20:29.0934 6172 srv - ok

19:20:30.0043 6172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

19:20:30.0059 6172 srv2 - ok

19:20:30.0137 6172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

19:20:30.0153 6172 srvnet - ok

19:20:30.0231 6172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

19:20:30.0231 6172 stexstor - ok

19:20:30.0324 6172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

19:20:30.0324 6172 swenum - ok

19:20:30.0433 6172 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

19:20:30.0449 6172 SynTP - ok

19:20:30.0589 6172 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

19:20:30.0589 6172 Tcpip - ok

19:20:30.0730 6172 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

19:20:30.0730 6172 TCPIP6 - ok

19:20:30.0823 6172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

19:20:30.0823 6172 tcpipreg - ok

19:20:30.0933 6172 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

19:20:30.0933 6172 tdcmdpst - ok

19:20:30.0995 6172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

19:20:30.0995 6172 TDPIPE - ok

19:20:31.0073 6172 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

19:20:31.0073 6172 TDTCP - ok

19:20:31.0182 6172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

19:20:31.0198 6172 tdx - ok

19:20:31.0276 6172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

19:20:31.0276 6172 TermDD - ok

19:20:31.0384 6172 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys

19:20:31.0394 6172 Thpdrv - ok

19:20:31.0484 6172 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

19:20:31.0494 6172 Thpevm - ok

19:20:31.0634 6172 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

19:20:31.0644 6172 tos_sps64 - ok

19:20:31.0794 6172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

19:20:31.0794 6172 tssecsrv - ok

19:20:31.0954 6172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

19:20:31.0954 6172 TsUsbFlt - ok

19:20:32.0064 6172 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

19:20:32.0064 6172 TsUsbGD - ok

19:20:32.0164 6172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

19:20:32.0174 6172 tunnel - ok

19:20:32.0284 6172 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

19:20:32.0284 6172 TVALZ - ok

19:20:32.0374 6172 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

19:20:32.0374 6172 TVALZFL - ok

19:20:32.0464 6172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

19:20:32.0474 6172 uagp35 - ok

19:20:32.0584 6172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

19:20:32.0584 6172 udfs - ok

19:20:32.0694 6172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

19:20:32.0704 6172 uliagpkx - ok

19:20:32.0794 6172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

19:20:32.0794 6172 umbus - ok

19:20:32.0884 6172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

19:20:32.0894 6172 UmPass - ok

19:20:33.0004 6172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

19:20:33.0014 6172 usbccgp - ok

19:20:33.0094 6172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

19:20:33.0104 6172 usbcir - ok

19:20:33.0204 6172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

19:20:33.0204 6172 usbehci - ok

19:20:33.0314 6172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

19:20:33.0324 6172 usbhub - ok

19:20:33.0415 6172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

19:20:33.0415 6172 usbohci - ok

19:20:33.0493 6172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

19:20:33.0509 6172 usbprint - ok

19:20:33.0602 6172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

19:20:33.0602 6172 USBSTOR - ok

19:20:33.0696 6172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

19:20:33.0711 6172 usbuhci - ok

19:20:33.0836 6172 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

19:20:33.0852 6172 usbvideo - ok

19:20:33.0930 6172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

19:20:33.0945 6172 vdrvroot - ok

19:20:34.0039 6172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

19:20:34.0055 6172 vga - ok

19:20:34.0133 6172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

19:20:34.0148 6172 VgaSave - ok

19:20:34.0242 6172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

19:20:34.0242 6172 vhdmp - ok

19:20:34.0320 6172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

19:20:34.0320 6172 viaide - ok

19:20:34.0413 6172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

19:20:34.0429 6172 volmgr - ok

19:20:34.0523 6172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

19:20:34.0538 6172 volmgrx - ok

19:20:34.0629 6172 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

19:20:34.0639 6172 volsnap - ok

19:20:34.0729 6172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

19:20:34.0729 6172 vsmraid - ok

19:20:34.0829 6172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

19:20:34.0829 6172 vwifibus - ok

19:20:34.0919 6172 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

19:20:34.0929 6172 vwififlt - ok

19:20:35.0019 6172 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

19:20:35.0019 6172 vwifimp - ok

19:20:35.0109 6172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

19:20:35.0109 6172 WacomPen - ok

19:20:35.0209 6172 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

19:20:35.0209 6172 WANARP - ok

19:20:35.0229 6172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

19:20:35.0239 6172 Wanarpv6 - ok

19:20:35.0359 6172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

19:20:35.0359 6172 Wd - ok

19:20:35.0469 6172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

19:20:35.0489 6172 Wdf01000 - ok

19:20:35.0589 6172 wdkmd (5e1640435dd54d00451156ca5340b109) C:\windows\system32\DRIVERS\WDKMD.sys

19:20:35.0589 6172 wdkmd - ok

19:20:35.0689 6172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

19:20:35.0689 6172 WfpLwf - ok

19:20:35.0789 6172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

19:20:35.0789 6172 WIMMount - ok

19:20:35.0929 6172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

19:20:35.0929 6172 WmiAcpi - ok

19:20:36.0039 6172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

19:20:36.0039 6172 ws2ifsl - ok

19:20:36.0149 6172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

19:20:36.0149 6172 WudfPf - ok

19:20:36.0259 6172 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

19:20:36.0259 6172 WUDFRd - ok

19:20:36.0299 6172 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

19:20:36.0339 6172 \Device\Harddisk0\DR0 - ok

19:20:36.0369 6172 Boot (0x1200) (e920aea737fd2a6994e32745ed31703c) \Device\Harddisk0\DR0\Partition0

19:20:36.0369 6172 \Device\Harddisk0\DR0\Partition0 - ok

19:20:36.0369 6172 ============================================================

19:20:36.0369 6172 Scan finished

19:20:36.0369 6172 ============================================================

19:20:36.0389 3740 Detected object count: 0

19:20:36.0389 3740 Actual detected object count: 0

Edited by Maurice Naggar
Highlighting added for emphasis
Link to post
Share on other sites

RogueKiller and aswMBR both indicate the presence of a hidden partition on your HDD & that is why I indicated to you that this has a bootkit infection.

It will take a lot of work to remove.

Put & enforce a quarantine on this system.

Only visit this site, period. and the websites I guide you to.

Meantime, do not do websurfing on the infected machine.

Hopefully you have another (clean) pc to do this work.

Please make plans to build a CD/DVD that we will need to boot from.

Download the >> Gparted Live CD ISO << and burn it to CD or DVD as an ISO image.

and let me know after you have finished.

Windows 7 has an ISO burning capability.

If your Windows version does not have an ISO burning capability,

you need to use something like Nero /Roxio or other iso-capable-burning software, and do an image burn. If you do a regular copy-burn the CD won't work. If you don't have ISO-burning capabilty, you can obtain a free .iso burner such as ImageBurn (ImgBurn):

ImgBurn is a free utility. You only need one for our purpose.

Imgburn is at http://www.imgburn.com/

Link to post
Share on other sites

Thanks...

I have downloaded GParted... ISO image and have burned it to CD

Ready to proceed.

One thing... When I boot this computer and open the IE Browser, the default homepage is not Malwarebytes, but is USATODAY.COM instead.... If this is a problem let me know and I will delete it temporarily.

Thanks.

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Mlmlmloc68 only. If you are a casual viewer, do NOT try this on your system!

If you are not Mlmlmloc68 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Usatoday is ok for now. Just do not do any browsing nor play any flash movies.

Please do all of next very carefully.

Close any open documents if any and save your work if any.

Make sure all "external" HDD drives are not connected.

Do a Windows shutdown.

Place the Gparted CD in the drive.

You must Change the boot order in the BIOS to boot to the CD first, or just hit the Function key that displays on your screen at system restart to Change the Boot Order.

Restart the pc to boot up from CD

Once booted and program is started, You will see a menu.

Choose the GParted Live (Default Settings) option and hit Enter.

Allow GParted to load by selecting all the default options (simply press enter when prompted).

When asked "Which Mode do you Prefer" - Hit Enter to use Gparted automatically, and the GParted Desktop will display:

I do not want you to edit anything.

You will see on screen information about the 3 partitions on your HDD system.

Similar to to this snapshot here

http://secure-computer-solutions.com/blog/GPartedGUI-ScreenieJPG.jpg

I just want you to describe to me each partition as it is listed: Partition name (letters) , Size, Label (ie Reserved), and especially tell me which partition has "Boot" next to it.

Also tell me if you see a Hidden partition at the end.

Write down all information.

IF at all possible, take a digital picture with your cell phone (if you have) and upload and attach the snapshot in your reply.

Boot back into Windows and post your results please.

You can see an article with examples at Negster22's BITS and PC's blog here

http://secure-computer-solutions.com/blog/2011/11/

Once again, do not make ANY changes

Link to post
Share on other sites

Thank you here is the information you have requested from the Gparted CD....

1st Partition:

Partition: /dev/sda1

File system: ntfs

Label: System

Size: 1.46 GiB

Used: 500.25 MiB

Unused: 999.75 MiB

Flags: boot.diag

2nd Partition:

Partition: /dev/sda2

File system: ntfs

Label: TI106151W0F

Size: 580.59 GiB

Used: 57.34 GiB

Unused: 523.25 MiB

Flags: (blank)

3rd Partition:

Partition: /dev/sda3

File system: ntfs

Label: HDDRECOVERY

Size: 14.12 GiB

Used: 13.54 GiB

Unused: 594.11 MiB

Flags: hidden

Yes, there was a hidden partion at the end (Partition 3)

A screen shot of the Gparted output is attached.

Thanks again for your help.

post-108013-0-95322000-1328823773.jpg

Link to post
Share on other sites

That appears like an Acer recovery partition at the end. Thanks. Remove the GParted CD and secure away.

Restart Windows normally.

Step 1

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 2

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

Step 3

Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Step 4

Next: Please download & save Malwarebytes Anti-Malware from

http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

Step 5

Temporarily disable your anti-virus program. See how How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Using Internet Explorer browser only, go to ESET Online Scanner website:

Windows 7 or Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/...c4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Re-enable your anti-virus when done.

Step 6

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of MBAM scan log
  • the contents of Eset scan log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

I have performed all of the tasks that you have requested... Here are the results...

MBAM Scan Log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.10.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

MLMLM :: OWNER-PC [administrator]

2/10/2012 1:48:07 PM

mbam-log-2012-02-10 (13-48-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200697

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\MLMLM\Downloads\Converterlite.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)

**********************************************************

Eset scan log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-10 09:16:27

# local_time=2012-02-10 03:16:27 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1280 16777215 100 0 19697798 19697798 0 0

# compatibility_mode=5893 16776573 100 94 0 80448618 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=190247

# found=1

# cleaned=1

# scan_time=3420

C:\Users\MLMLM\Downloads\cnet_InstallRarZilla_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Continued.....

OTL. txt

OTL logfile created on: 2/10/2012 4:05:25 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MLMLM\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.08% Memory free

11.82 Gb Paging File | 9.58 Gb Available in Paging File | 81.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.59 Gb Total Space | 521.60 Gb Free Space | 89.84% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: MLMLM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 16:02:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MLMLM\Desktop\OTL.exe

PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/23 03:26:35 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/08/15 07:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/25 17:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe

PRC - [2010/11/02 20:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

PRC - [2010/08/16 11:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

PRC - [2010/06/04 17:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe

PRC - [2010/05/20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/07/21 09:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

PRC - [2009/06/23 15:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2009/06/22 23:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/03/23 23:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2009/07/21 09:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

MOD - [2009/06/22 23:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/27 12:15:36 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)

SRV:64bit: - [2011/02/27 12:09:36 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2011/01/05 14:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/01/05 14:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/01/05 14:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/12/24 21:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2010/12/20 19:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/12/08 16:55:26 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/02/11 11:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/02 20:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)

SRV - [2010/05/20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/07/24 06:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)

SRV - [2009/07/24 06:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)

SRV - [2009/06/23 15:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011/06/26 14:42:41 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011/06/20 08:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)

DRV:64bit: - [2011/06/10 04:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/26 13:11:18 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2011/05/26 06:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011/04/04 21:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/04 10:00:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2011/02/17 13:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®

DRV:64bit: - [2011/02/17 13:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®

DRV:64bit: - [2011/02/17 13:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino®

DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/01/04 12:29:00 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/12/25 11:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/09 14:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2010/06/09 14:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/04/22 16:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/11/02 17:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/04/17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV - [2011/07/08 03:12:44 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/support

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.usatoday.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MLMLM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/06/26 15:18:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/06/26 15:18:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/23 03:26:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/31 06:16:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/08 17:43:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 17:02:28 | 000,000,000 | ---D | M]

[2011/07/03 14:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MLMLM\AppData\Roaming\Mozilla\Extensions

[2011/07/03 14:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/08 17:43:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/01/12 14:25:11 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/01/07 09:15:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/07 09:15:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)

O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.233.164.12 64.13.115.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D30568-68D1-4374-9E73-68377F1715B1}: DhcpNameServer = 66.233.164.12 64.13.115.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F52B30CC-D785-4CBD-B9F0-723D4AB8C5CB}: DhcpNameServer = 151.164.14.201 68.94.157.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{95eb3969-26b8-11e1-b7b7-b870f464af03}\Shell - "" = AutoRun

O33 - MountPoints2\{95eb3969-26b8-11e1-b7b7-b870f464af03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 16:02:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\MLMLM\Desktop\OTL.exe

[2012/02/10 14:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/10 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Roaming\Malwarebytes

[2012/02/10 13:45:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/02/10 13:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/10 13:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/10 13:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/10 08:41:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\MLMLM\Desktop\ATF-Cleaner.exe

[2012/02/08 18:55:58 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Roaming\ImgBurn

[2012/02/08 18:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2012/02/08 18:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2012/02/07 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\Documents\Health Pmts

[2012/02/07 18:56:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\MLMLM\Desktop\aswMBR.exe

[2012/02/07 18:52:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/02/07 18:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/02/07 18:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/02/07 10:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/02/07 06:40:08 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/02/07 04:46:39 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\Desktop\RK_Quarantine

[2012/02/07 02:49:40 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\Ilivid Player

[2012/02/07 02:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid

[2012/02/07 02:46:48 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\PackageAware

[2012/02/06 20:45:58 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\Discards

[2012/02/05 04:43:27 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\Documents\Vuze Downloads

[2012/02/05 04:38:21 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\.swt

[2012/02/05 04:38:18 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Roaming\Azureus

[2012/02/05 04:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/02/05 04:36:49 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\Conduit

[2012/01/29 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{63EA0E83-40C3-4C88-8861-66A8B1454773}

[2012/01/29 18:04:22 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{C56207A5-8D35-45FA-9DC7-97C279397E78}

[2012/01/26 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{C2EF8E39-AC8F-4AFC-8E75-CFAE6BE43D04}

[2012/01/26 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{FF78F099-7247-4DB3-9A4D-1DFEDC89C0C9}

[2012/01/23 05:16:56 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{FCF48973-DEA8-4208-96D4-ADE2C7261B29}

[2012/01/23 05:16:44 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Local\{94E1E24E-A12E-416C-A159-1A10FA312C5F}

[2012/01/21 13:36:28 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll

[2012/01/21 13:36:28 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll

[2012/01/21 13:36:28 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll

[2012/01/21 13:36:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll

[2012/01/21 13:36:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll

[2012/01/21 13:36:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll

[2012/01/12 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\MLMLM\AppData\Roaming\ConverterLite

[2012/01/12 14:25:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/01/12 14:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite

[2012/01/12 14:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConverterLite

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 16:02:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MLMLM\Desktop\OTL.exe

[2012/02/10 15:27:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/10 14:27:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/10 14:05:42 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/10 14:05:42 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/10 14:03:28 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/02/10 14:03:28 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/02/10 14:03:28 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/02/10 13:57:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/02/10 13:57:57 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/10 13:45:54 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 08:41:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\MLMLM\Desktop\ATF-Cleaner.exe

[2012/02/09 15:25:30 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat

[2012/02/09 15:25:30 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat

[2012/02/08 18:44:56 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/02/07 19:09:09 | 000,000,512 | ---- | M] () -- C:\Users\MLMLM\Desktop\MBR.dat

[2012/02/07 18:57:01 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\MLMLM\Desktop\aswMBR.exe

[2012/02/07 18:50:04 | 000,000,935 | ---- | M] () -- C:\Users\MLMLM\Desktop\NTREGOPT.lnk

[2012/02/07 18:50:04 | 000,000,916 | ---- | M] () -- C:\Users\MLMLM\Desktop\ERUNT.lnk

[2012/02/07 10:50:32 | 000,002,975 | ---- | M] () -- C:\Users\MLMLM\Desktop\HiJackThis.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 13:45:54 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/08 18:44:56 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

[2012/02/08 18:44:56 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/02/07 19:09:09 | 000,000,512 | ---- | C] () -- C:\Users\MLMLM\Desktop\MBR.dat

[2012/02/07 18:50:04 | 000,000,935 | ---- | C] () -- C:\Users\MLMLM\Desktop\NTREGOPT.lnk

[2012/02/07 18:50:04 | 000,000,916 | ---- | C] () -- C:\Users\MLMLM\Desktop\ERUNT.lnk

[2012/02/07 10:33:08 | 000,002,975 | ---- | C] () -- C:\Users\MLMLM\Desktop\HiJackThis.lnk

[2012/01/07 10:28:50 | 000,003,584 | ---- | C] () -- C:\Users\MLMLM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/06 11:26:26 | 000,000,038 | -HS- | C] () -- C:\windows\camcodec100.ini

[2011/09/06 11:26:26 | 000,000,028 | -HS- | C] () -- C:\windows\lagarith.ini

[2011/09/06 11:22:22 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll

[2011/09/06 11:18:26 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll

[2011/07/11 13:22:15 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat

[2011/07/11 13:22:15 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat

[2011/07/09 17:35:48 | 000,128,588 | ---- | C] () -- C:\Users\MLMLM\AppData\Local\rx_audio.Cache

[2011/07/09 17:35:31 | 002,560,176 | ---- | C] () -- C:\Users\MLMLM\AppData\Local\rx_image32.Cache

[2011/07/08 02:29:13 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2011/07/08 02:29:12 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011/07/04 15:36:09 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/04/04 21:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/04 21:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/04/04 21:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2010/11/09 13:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

[2004/01/30 13:07:46 | 000,245,408 | ---- | C] () -- C:\windows\SysWow64\unicows.dll

========== LOP Check ==========

[2012/02/06 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Azureus

[2011/08/31 04:48:05 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Book Place

[2012/01/13 03:20:08 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\ConverterLite

[2012/02/08 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\ImgBurn

[2011/09/06 15:06:29 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Philipp Winterberg

[2011/06/29 16:25:54 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Simple Star

[2011/07/11 02:54:46 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\skychart

[2011/06/28 02:20:24 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Smith Micro

[2011/08/30 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Toshiba

[2011/09/01 22:44:18 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\WinBatch

[2011/10/04 11:16:36 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Windows Live Writer

[2011/07/28 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\MLMLM\AppData\Roaming\Xilisoft

[2011/09/03 22:10:40 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

***************************************************

Extras.txt:

OTL Extras logfile created on: 2/10/2012 4:05:25 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MLMLM\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.08% Memory free

11.82 Gb Paging File | 9.58 Gb Available in Paging File | 81.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.59 Gb Total Space | 521.60 Gb Free Space | 89.84% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: MLMLM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software

"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1" = Cartes du Ciel V3.2

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{43CD257A-4F32-4BDE-9B3D-14E6E10C8307}" = Roxio Creator 2010

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{626663EE-B9E6-4982-995F-02C31E84F8FC}" = Intel® Wireless Display

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer

"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{85195381-0426-4715-8D25-E21B9457FC00}" = Ad-Aware

"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager

"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5

"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Applian Director2.1" = Applian Director

"ConverterLite" = ConverterLite 0.1

"DivX Setup" = DivX Setup

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"Free FLV Converter_is1" = Free FLV Converter V 7.3.0

"Google Chrome" = Google Chrome

"ImgBurn" = ImgBurn

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"RarZilla Free Unrar" = RarZilla Free Unrar

"RealPlayer 12.0" = RealPlayer

"Replay Music4.02" = Replay Music

"Rhapsody" = Rhapsody

"Roxio PhotoShow" = Roxio PhotoShow

"WinLiveSuite" = Windows Live Essentials

"Xilisoft FLV Converter 6" = Xilisoft FLV Converter 6

"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"48e4cff94f039634" = Best Buy pc app

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/16/2012 4:04:49 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/17/2012 8:13:36 AM | Computer Name = Owner-PC | Source = VSS | ID = 13

Description =

Error - 1/17/2012 8:13:36 AM | Computer Name = Owner-PC | Source = VSS | ID = 8193

Description =

Error - 1/17/2012 6:21:50 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/17/2012 7:23:20 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/18/2012 5:08:03 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/19/2012 9:14:52 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/20/2012 1:44:05 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: aac_parser.ax, version: 1.1.0.0, time

stamp: 0x3fc11b9f Exception code: 0xc0000094 Fault offset: 0x0000588b Faulting process

id: 0x1a94 Faulting application start time: 0x01ccd7914604d3ca Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\windows\SysWow64\aac_parser.ax Report Id: 58559ec3-438e-11e1-bed2-b870f464af03

Error - 1/20/2012 1:44:14 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: aac_parser.ax, version: 1.1.0.0, time

stamp: 0x3fc11b9f Exception code: 0xc0000094 Fault offset: 0x0000588b Faulting process

id: 0x1ea8 Faulting application start time: 0x01ccd79b1dbfe4d5 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\windows\SysWow64\aac_parser.ax Report Id: 5df7cbc2-438e-11e1-bed2-b870f464af03

Error - 1/20/2012 8:24:59 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]

Error - 7/23/2011 5:54:58 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = 5:54:58 AM - Error connecting to the internet. 5:54:58 AM - Unable

to contact server..

Error - 7/23/2011 5:55:11 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = 5:55:03 AM - Error connecting to the internet. 5:55:03 AM - Unable

to contact server..

Error - 8/12/2011 1:36:46 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = 1:36:46 PM - Error connecting to the internet. 1:36:46 PM - Unable

to contact server..

Error - 8/12/2011 1:36:52 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = 1:36:51 PM - Error connecting to the internet. 1:36:51 PM - Unable

to contact server..

[ System Events ]

Error - 11/17/2011 3:11:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

Error - 11/18/2011 9:10:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

Error - 11/19/2011 3:11:33 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2011 3:11:33 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2011 3:48:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

Error - 11/19/2011 4:38:46 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2011 4:38:46 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 11/21/2011 4:25:25 AM | Computer Name = Owner-PC | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 11/21/2011 3:49:45 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:31:07 AM on ?11/?21/?2011 was unexpected.

Error - 11/21/2011 3:50:20 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

< End of report >

************************************************************

checkup.txt:

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Kaspersky Anti-Virus 2011

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

Java 6 Update 20

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader X (10.1.2)

Mozilla Firefox (10.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe

Kaspersky Lab Kaspersky Anti-Virus 2011 x64 klwtblfs.exe

``````````End of Log````````````

*******************************

Link to post
Share on other sites

javaicon.gif

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586-s.exe to install the newest version.
    ( jre-6u30-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 30 from Sun Microsystems Inc.

This pc appears to have 2 programs with anti-virus running at startup: Ad-Aware free (which has anti-virus) and Kaspersky AV 2011.

If you have a license for KAV & it is current, then make very sure that Ad-Aware does NOT start with Windows startup.

Now, then, Tell me, How is your system now ?

Link to post
Share on other sites

Thank you for your assistance...

Java has been updated as you suggested...

Ad Aware has been deleted from the startup....

I believe that the system is running fine.....

Thank you once again for all of your valuable assistance.... I cannot thank you enough for the time and attention you gave me .... Your instructions were well documented and very easy to follow... Have a great rest of 2012...

Link to post
Share on other sites

Good to know your system is running well.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

If you still have these tools, delete them

aswMBR & TDSSKILLER

All the best to you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.