Jump to content

clarissa

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Scan took a long time, hour plus, but nothing found. Memory is mid-range but stable. CPU is stable as well.
  2. ComboFix 13-02-03.03 - rac 02/04/2013 2:52.2.3 - x64 Running from: c:\users\rac\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\erdnt\cache86\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 ))))))))))))))))))))))))))))))) . . 2013-02-04 07:59 . 2013-02-04 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-04 02:46 . 2013-02-04 02:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-02-03 21:36 . 2013-02-03 21:37 -------- d--h--w- c:\windows\msdownld.tmp 2013-02-03 20:04 . 2013-02-03 20:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-02-03 19:33 . 2013-02-03 19:33 -------- d-----w- C:\_OTL 2013-02-03 00:25 . 2013-02-04 07:48 -------- d-----w- c:\programdata\boost_interprocess 2013-02-03 00:21 . 2013-02-03 00:21 101 ----a-w- c:\windows\DeleteOnReboot.bat 2013-02-03 00:15 . 2013-02-03 00:15 -------- d-----w- C:\malware help folder 2013-02-03 00:07 . 2013-02-03 00:07 -------- d-----w- c:\users\rac\AppData\Roaming\Apple Computer 2013-02-02 19:59 . 2013-02-03 00:17 -------- d-----w- c:\users\rac\AppData\Roaming\Malwarebytes 2013-02-02 19:59 . 2013-02-02 19:59 -------- d-----w- c:\programdata\Malwarebytes 2013-02-02 19:59 . 2013-02-02 19:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-02 19:59 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-02 19:55 . 2013-02-02 19:55 -------- d-----w- c:\users\rac\AppData\Local\Programs 2013-02-01 20:42 . 2013-02-01 20:42 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-02-01 17:19 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-02-01 17:19 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-02-01 17:19 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-02-01 17:19 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-02-01 17:19 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-02-01 17:19 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-02-01 17:19 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-02-01 17:19 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-02-01 17:19 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-02-01 07:21 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AE51A2-AB5B-4EFD-8136-BC05ACE1D70A}\mpengine.dll 2013-01-31 19:35 . 2013-01-31 19:35 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-01-29 02:08 . 2013-01-29 02:08 -------- d-----w- c:\users\rac\AppData\Roaming\TuneUp Software 2013-01-29 01:55 . 2013-02-01 19:20 -------- d-----w- c:\programdata\MFAData 2013-01-29 01:55 . 2013-01-29 01:55 -------- d-----w- c:\users\rac\AppData\Local\MFAData 2013-01-28 23:32 . 2013-01-28 23:32 -------- d--h--w- c:\programdata\Common Files 2013-01-25 22:39 . 2013-01-25 22:39 -------- d-----w- C:\found.000 2013-01-24 23:19 . 2013-01-24 23:19 -------- d-----w- C:\perflogs 2013-01-09 08:25 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 08:25 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 08:23 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 06:28 . 2011-09-04 04:27 273840 ----a-w- c:\windows\system32\MpSigStub.exe 2013-01-10 13:58 . 2011-10-06 13:47 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 05:12 . 2012-04-29 05:19 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 05:12 . 2011-09-06 04:08 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-21 18:08 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 18:08 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-09 08:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-16 11:10 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-16 11:10 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-16 11:11 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-16 11:11 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-16 11:11 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-16 11:11 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-16 11:11 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-16 11:10 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-16 11:10 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-16 11:10 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-16 11:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-16 11:10 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-16 11:11 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-16 11:11 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-16 11:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-16 11:11 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-16 11:10 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-16 11:11 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-16 11:11 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-16 11:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-16 11:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-16 11:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 01:05 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 01:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-21 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-01 19:17 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 05:12] . 2013-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000Core.job - c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 12:03] . 2013-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000UA.job - c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 12:03] . 2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 05:50] . 2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 05:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.accuweather.com/en/us/amherst-oh/44001/weather-forecast/2238346 mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.3.198\InstStub.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe . ************************************************************************** . Completion time: 2013-02-04 03:13:28 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-04 08:13 . Pre-Run: 413,269,237,760 bytes free Post-Run: 413,260,742,656 bytes free . - - End Of File - - 576AC4618F46D817B5C23BE861CBE811
  3. How do you uninstall combofix safely? Is just deleting it ok?
  4. I updated everything plus my internet explorer. Memory goes from steady 1.something to almost the top and stays there for some time w/o me running any programs except IE to be on here and task manager to keep track of performance. CPU usage is erratic, jumping from 8 to 27%, very low to mid ranges very quick. Is this normal from now on?
  5. All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully. File Protocol\Handler\ms-itss - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully. File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\avast\ not found. C:\Windows\SysNative\RegistryDefragBootTime.exe moved successfully. C:\windows\msdownld.tmp folder deleted successfully. C:\AutoDetectPkg norton antivirus.exe moved successfully. ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully. ========== FILES ========== C:\ProgramData\IObit\ASCDownloader folder moved successfully. C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully. C:\ProgramData\IObit folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\EmptyFolder folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\Downloader folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\ClonedFilesScanner folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully. C:\Users\rac\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully. C:\Users\rac\AppData\Roaming\IObit folder moved successfully. C:\Program Files (x86)\IObit\Smart Defrag 2\Update folder moved successfully. C:\Program Files (x86)\IObit\Smart Defrag 2\Log folder moved successfully. C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully. C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully. C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully. C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully. C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully. C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully. C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully. C:\Program Files (x86)\IObit folder moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG folder moved successfully. C:\Users\rac\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully. C:\Users\rac\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully. C:\Users\rac\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully. C:\Users\rac\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully. C:\Users\rac\AppData\Roaming\AVG\AWL2012 folder moved successfully. C:\Users\rac\AppData\Roaming\AVG folder moved successfully. C:\ProgramData\AVG\AWL2012 folder moved successfully. C:\ProgramData\AVG\AWL\Program Statistics folder moved successfully. C:\ProgramData\AVG\AWL folder moved successfully. C:\ProgramData\AVG folder moved successfully. C:\$AVG\$VAULT folder moved successfully. C:\$AVG\$CHJW folder moved successfully. C:\$AVG folder moved successfully. C:\ProgramData\AVG2013\SetupBackup folder moved successfully. C:\ProgramData\AVG2013\lsdb\prev folder moved successfully. C:\ProgramData\AVG2013\lsdb folder moved successfully. C:\ProgramData\AVG2013\log folder moved successfully. C:\ProgramData\AVG2013\IDS\quarantine folder moved successfully. C:\ProgramData\AVG2013\IDS\profile folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\9 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\8 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\7 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\6 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\5 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\4 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\3 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\2 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\1 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox\0 folder moved successfully. C:\ProgramData\AVG2013\IDS\outbox folder moved successfully. C:\ProgramData\AVG2013\IDS\malwareprofile folder moved successfully. C:\ProgramData\AVG2013\IDS\config folder moved successfully. C:\ProgramData\AVG2013\IDS folder moved successfully. C:\ProgramData\AVG2013\DB folder moved successfully. C:\ProgramData\AVG2013\Chjw\84fa4111fa410142 folder moved successfully. C:\ProgramData\AVG2013\Chjw\7eec6872ec68269d folder moved successfully. C:\ProgramData\AVG2013\Chjw folder moved successfully. C:\ProgramData\AVG2013\avi folder moved successfully. C:\ProgramData\AVG2013\Antispam folder moved successfully. C:\ProgramData\AVG2013\admincli folder moved successfully. C:\ProgramData\AVG2013 folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\Tuneup folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\sounds folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\Notification folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\html\reportcard folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\html folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\upgrade\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\upgrade folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\techbuddy\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\techbuddy folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\speedtest\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\speedtest folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\pct.an\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\pct.an folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\pct\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\pct folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\obx\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\obx folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\multimi\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\multimi folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\mobilation_en\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\mobilation_en folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\mobilation\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\mobilation folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\livekive\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\livekive folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\firewallicon\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\firewallicon folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\firewall\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\firewall folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\fas\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\fas folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\familysafety\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\familysafety folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\dav\component folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs\dav folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\awacs folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\3rd_party\licenses folder moved successfully. C:\Program Files (x86)\AVG\AVG2013\3rd_party folder moved successfully. C:\Program Files (x86)\AVG\AVG2013 folder moved successfully. C:\Program Files (x86)\AVG folder moved successfully. C:\Users\rac\AppData\Local\Avg2013\temp folder moved successfully. C:\Users\rac\AppData\Local\Avg2013\log folder moved successfully. C:\Users\rac\AppData\Local\Avg2013 folder moved successfully. C:\AVGTemp\reset_access_avg2013_en folder moved successfully. C:\AVGTemp folder moved successfully. C:\ProgramData\AVAST Software folder moved successfully. C:\Program Files\AVAST Software\Avast\Setup folder moved successfully. C:\Program Files\AVAST Software\Avast folder moved successfully. C:\Program Files\AVAST Software folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: rac ->Temp folder emptied: 2598998 bytes ->Temporary Internet Files folder emptied: 23641413 bytes ->Java cache emptied: 131003 bytes ->Google Chrome cache emptied: 82664268 bytes ->Flash cache emptied: 3132077 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3870 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 107.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 02032013_143337 Files\Folders moved on Reboot... C:\Users\rac\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ7I8L5D\pixel[1].gif moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IB54MYLH\rt=ifr[1].htm moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IB54MYLH\wundermap[1].htm moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QE07WAG\gDxHeefcXIo-lOuZFCn2xTEorKUbBV7q0JC9Sh8AulY[1].eot moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QE07WAG\openhand_8_8[1].bmp moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QE07WAG\ros[1].htm moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0TFD0ZY7\tweet_button.1359159993[1].htm moved successfully. C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  6. OTL Extras logfile created on: 2/2/2013 7:34:57 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rac\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 16.99% Memory free 7.49 Gb Paging File | 3.61 Gb Available in Paging File | 48.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454.26 Gb Total Space | 385.40 Gb Free Space | 84.84% Space Free | Partition Type: NTFS Computer Name: KIKE | User Name: rac | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{093069C4-1E5C-4850-BC67-9C34E6CD61F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E3CD484-420B-46C0-A31E-DF8A0C59F544}" = lport=138 | protocol=17 | dir=in | app=system | "{15C71710-4842-44D6-9BEB-A2FBCE6A9857}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{17ACB6E6-AD43-4C5B-8B66-73AE12CA91AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{17D02D79-E4D1-4714-8BFF-141C571FD0F0}" = rport=138 | protocol=17 | dir=out | app=system | "{21C613F4-5ED8-4831-A093-27770AC0B51D}" = lport=2869 | protocol=6 | dir=in | app=system | "{25740155-23AB-48D1-A68C-CC7040648B46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{30F7AA18-AD77-429C-A2C7-64EB1E62A7AB}" = lport=137 | protocol=17 | dir=in | app=system | "{37D52B40-5962-4B9A-9996-307C9BCD3D31}" = lport=445 | protocol=6 | dir=in | app=system | "{3D20C96C-461C-487B-825A-9895274ECC93}" = rport=445 | protocol=6 | dir=out | app=system | "{3F542FE2-BFFC-4514-B311-CB5D4143EE22}" = rport=10243 | protocol=6 | dir=out | app=system | "{45B0887C-04E7-4747-8A68-FDA464D9F95C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{474AE5A6-7C65-449E-B719-D858B1907A83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{493ABD3A-0C35-4ED4-A0CC-7B2FEB342DE5}" = lport=139 | protocol=6 | dir=in | app=system | "{5A2454BB-B663-4BB1-AAEF-9D8B7559079B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7322BD34-152F-4833-A276-3BFC6DE3FDCD}" = rport=139 | protocol=6 | dir=out | app=system | "{7D3554C0-3CEB-4D23-A34F-F2C3F1D44930}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{89629488-B34C-4483-A0E7-A64C8430677D}" = lport=2869 | protocol=6 | dir=in | app=system | "{8DCAE125-DEB6-4B43-8CDD-A121BFA1D774}" = lport=10243 | protocol=6 | dir=in | app=system | "{95562573-89AE-41F9-A439-2CE755ED2001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99D02005-D348-477F-84D7-E29CB49A2CC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BCFD25C3-1361-42BE-A103-063A103E6CDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F8F9C811-6B61-4198-B827-B0EA1C73DE94}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E748017-ED1E-4A31-8560-0EB65875A6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1F4BF133-6CBB-4270-8533-4B3F095C6D8D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2A3A17A5-5F5A-44BB-A428-34FF1ADBC859}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{39D23E05-C097-4064-B738-434616FA45A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C503FB4-5608-4124-AA02-50C17363200B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53F44947-8E33-47EA-A35D-60D3E9DCC18A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5CDBF0DE-3A6C-4B2E-8E54-3C75EEFA6555}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{613E28AC-A39F-4056-B937-6A8E9BBC6DFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{72EF2B19-A36F-4ACE-84CC-268BEB1B682B}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe | "{77C2CAE8-251C-4B5D-A160-DBEC255A1898}" = protocol=6 | dir=out | app=system | "{7E4A46B1-3576-4EAC-A7F2-8091BB6E0474}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{89936841-79CD-4870-8C4C-47BA02D97D00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9201293E-9C97-46D2-A55F-AECB79351EAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{923A5D25-6935-43A3-8170-B0C335065C32}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{9E289EB3-DB6E-4A9C-ACAB-F8DAAE757025}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9FDF5BBF-469D-48B4-A851-48E74B72BB0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A43112A0-8B97-4488-9A1F-DC9E2AEE2045}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A963F1AC-AD96-406A-AFED-F30293944514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B91878AE-8323-42FE-AC6E-354ACE1F43BC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{BC0D7921-579E-4DB0-A9B5-EC16C877C4FB}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe | "{C3EDE455-E09A-4A89-9190-50B94E39DF5E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA33ACE3-7EFA-4230-BE1E-29A614EE4790}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CFFA5374-7DAF-4745-A077-44EF549548BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D12C70E9-9084-4DA7-85B3-58AE70BA7DAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E3FAA990-CA69-4E22-8048-B3FC13CA16E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4307A00-2C61-489C-BF4D-D2DCBD0B468D}" = dir=in | app=c:\users\rac\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{EE566941-BDD3-4D2E-91C5-69C5E3A1354A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F21D62E4-08A4-47EE-BBDC-3B4CA90E517D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F5AECF2E-16CD-4955-AB80-D9BE8BFEB962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB104527-B2E6-4BC3-846E-DFA6E599D2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BE3DFCA2-6F42-509D-555C-68A923314062}" = ATI Catalyst Install Manager "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech "{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17 "{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese "{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek "{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian "{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean "{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "NortonPCCheckup" = Toshiba Laptop Checkup "Screensaver Troy English" = Screensaver Troy English "TOSHIBA Game Console" = WildTangent ORB Game Console "uTorrent" = µTorrent "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT083877" = Chuzzle Deluxe "WT083885" = Zuma's Revenge "WT083898" = Virtual Villagers - The Secret City "WT083903" = Escape Rosecliff Island "WT083929" = Bejeweled 2 Deluxe "WT083957" = Jewel Quest 3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/21/2013 1:22:21 AM | Computer Name = Kike | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 1/21/2013 9:29:26 AM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/21/2013 12:33:39 PM | Computer Name = Kike | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a333a6 Faulting module name: aswWebRepIE64.dll, version: 6.0.1091.0, time stamp: 0x4dac73e3 Exception code: 0xc0000005 Fault offset: 0x000000000001a400 Faulting process id: 0xaf0 Faulting application start time: 0x01cdf7f4eb59e2df Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll Report Id: 4f4e01ba-63e8-11e2-bbef-88ae1d51109c Error - 1/21/2013 8:08:08 PM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/22/2013 2:21:21 AM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/22/2013 2:48:25 AM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/22/2013 2:50:41 AM | Computer Name = Kike | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e30 Start Time: 01cdf86ca5d2d61c Termination Time: 17 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 1/22/2013 5:24:23 AM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/22/2013 8:23:24 PM | Computer Name = Kike | Source = Google Update | ID = 20 Description = Error - 1/23/2013 8:58:43 PM | Computer Name = Kike | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 8/7/2012 8:11:05 PM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 8:11:01 PM - Error connecting to the internet. 8:11:01 PM - Unable to contact server.. Error - 9/6/2012 6:26:34 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 6:26:34 AM - Error connecting to the internet. 6:26:34 AM - Unable to contact server.. Error - 9/6/2012 6:26:50 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 6:26:44 AM - Error connecting to the internet. 6:26:44 AM - Unable to contact server.. Error - 9/6/2012 7:26:55 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 7:26:55 AM - Error connecting to the internet. 7:26:55 AM - Unable to contact server.. Error - 9/6/2012 7:27:02 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 7:27:00 AM - Error connecting to the internet. 7:27:00 AM - Unable to contact server.. Error - 9/6/2012 9:21:35 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 9:21:35 AM - Error connecting to the internet. 9:21:35 AM - Unable to contact server.. Error - 9/6/2012 9:22:58 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 9:22:38 AM - Error connecting to the internet. 9:22:38 AM - Unable to contact server.. Error - 9/7/2012 1:40:15 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 1:40:14 AM - Error connecting to the internet. 1:40:15 AM - Unable to contact server.. Error - 9/7/2012 1:40:39 AM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 1:40:20 AM - Error connecting to the internet. 1:40:20 AM - Unable to contact server.. Error - 10/7/2012 12:51:37 PM | Computer Name = Kike | Source = MCUpdate | ID = 0 Description = 12:51:25 PM - Error connecting to the internet. 12:51:26 PM - Unable to contact server.. [ System Events ] Error - 2/1/2013 9:11:35 PM | Computer Name = Kike | Source = Service Control Manager | ID = 7000 Description = The Norton Internet Security service failed to start due to the following error: %%2 Error - 2/1/2013 9:11:50 PM | Computer Name = Kike | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ccHP Error - 2/2/2013 7:01:22 AM | Computer Name = Kike | Source = Service Control Manager | ID = 7034 Description = The IMF Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/2/2013 7:20:33 AM | Computer Name = Kike | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/2/2013 7:24:15 AM | Computer Name = Kike | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 2/2/2013 7:25:09 AM | Computer Name = Kike | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/2/2013 7:28:02 AM | Computer Name = Kike | Source = Service Control Manager | ID = 7000 Description = The Norton Internet Security service failed to start due to the following error: %%2 Error - 2/2/2013 7:28:46 AM | Computer Name = Kike | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ccHP Error - 2/2/2013 8:23:17 PM | Computer Name = Kike | Source = Service Control Manager | ID = 7000 Description = The Norton Internet Security service failed to start due to the following error: %%2 Error - 2/2/2013 8:23:52 PM | Computer Name = Kike | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ccHP < End of report >
  7. OTL logfile created on: 2/2/2013 7:34:57 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rac\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 16.99% Memory free 7.49 Gb Paging File | 3.61 Gb Available in Paging File | 48.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454.26 Gb Total Space | 385.40 Gb Free Space | 84.84% Space Free | Partition Type: NTFS Computer Name: KIKE | User Name: rac | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/02 19:32:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rac\Downloads\OTL.exe PRC - [2013/02/02 19:26:31 | 000,881,914 | ---- | M] () -- C:\Users\rac\Downloads\SecurityCheck.exe PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2010/11/20 07:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe PRC - [2009/12/25 17:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/02/02 19:26:31 | 000,881,914 | ---- | M] () -- C:\Users\rac\Downloads\SecurityCheck.exe MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/01/09 00:12:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/04/05 13:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/02/11 15:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/03 23:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/04 23:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/01/07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/12/02 17:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2008/04/16 16:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9133BC3E-1ED9-4DB1-84B7-DACA6784D460}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA'>http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA'>http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{E369E6EB-1897-4CDA-B7AF-11BD825C0F1E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\..\SearchScopes\{D1F600D7-6684-4942-B7CF-1A32D537CAEE}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\..\SearchScopes\{E369E6EB-1897-4CDA-B7AF-11BD825C0F1E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS447 IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\..\SearchScopes\{F553139C-CC7A-4E3B-8B8A-88A6EA58070E}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\rac\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll O1 HOSTS File: ([2013/02/02 06:28:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\S-1-5-21-1085755171-966835748-4094314865-1000..\Run: [Facebook Update] C:\Users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1085755171-966835748-4094314865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002FFD33-A7C8-40B9-BC3C-EF7A8C55B731}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/01/27 06:37:23 | 000,770,776 | ---- | M] (Symantec Corporation) - C:\AutoDetectPkg norton antivirus.exe -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: avast - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba) MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/02/02 19:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013/02/02 19:15:18 | 000,000,000 | ---D | C] -- C:\malware help folder [2013/02/02 19:07:45 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\Apple Computer [2013/02/02 14:59:19 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\Malwarebytes [2013/02/02 14:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/02 14:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/02 14:59:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/02/02 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/02 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\Programs [2013/02/02 07:06:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/02 07:03:25 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/02/02 06:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/02/02 06:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/02/02 06:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/02/02 05:55:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/02 05:54:48 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/02/01 15:57:49 | 000,026,432 | ---- | C] (IObit) -- C:\windows\SysNative\RegistryDefragBootTime.exe [2013/02/01 15:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013/02/01 15:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013/02/01 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\IObit [2013/02/01 15:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013/02/01 12:20:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013/02/01 12:20:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013/02/01 12:20:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2013/02/01 12:20:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2013/02/01 12:20:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2013/02/01 12:20:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2013/02/01 12:20:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2013/02/01 12:20:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2013/02/01 12:20:26 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2013/02/01 12:20:26 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2013/02/01 12:20:26 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2013/02/01 12:20:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2013/02/01 12:20:26 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2013/02/01 12:20:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2013/02/01 12:20:26 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2013/02/01 12:20:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2013/02/01 12:20:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2013/02/01 12:20:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2013/02/01 12:20:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2013/02/01 12:20:25 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2013/02/01 12:20:25 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2013/02/01 12:20:25 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2013/02/01 12:20:24 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013/02/01 12:20:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2013/02/01 12:19:18 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2013/02/01 12:19:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll [2013/02/01 12:19:14 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll [2013/01/31 14:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/01/28 23:28:57 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\AVG [2013/01/28 23:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013/01/28 21:08:15 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\TuneUp Software [2013/01/28 21:05:42 | 000,000,000 | ---D | C] -- C:\$AVG [2013/01/28 21:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/01/28 21:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/01/28 20:55:15 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\MFAData [2013/01/28 20:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/01/28 20:55:15 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\Avg2013 [2013/01/28 20:33:31 | 000,000,000 | ---D | C] -- C:\AVGTemp [2013/01/28 18:32:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/01/25 17:39:22 | 000,000,000 | ---D | C] -- C:\found.000 [2013/01/24 18:19:50 | 000,000,000 | ---D | C] -- C:\perflogs [2013/01/19 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iWin [2013/01/16 12:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/01/16 12:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/01/09 03:25:10 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013/01/09 03:25:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013/01/09 03:24:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013/01/09 03:24:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013/01/09 03:24:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013/01/09 03:24:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013/01/09 03:24:30 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013/01/09 03:24:30 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013/01/09 03:24:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013/01/09 03:24:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013/01/09 03:24:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013/01/09 03:24:29 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013/01/09 03:24:29 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013/01/09 03:24:29 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013/01/09 03:24:29 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013/01/09 03:24:29 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013/01/09 03:24:29 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013/01/09 03:24:29 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013/01/09 03:24:29 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013/01/09 03:24:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013/01/09 03:24:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013/01/09 03:24:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013/01/09 03:24:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013/01/09 03:24:29 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013/01/09 03:24:29 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013/01/09 03:24:28 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013/01/09 03:24:28 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013/01/09 03:24:28 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013/01/09 03:24:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013/01/09 03:24:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013/01/09 03:24:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013/01/09 03:24:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013/01/09 03:24:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013/01/09 03:24:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013/01/09 03:24:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013/01/09 03:24:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013/01/09 03:23:32 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013/01/09 03:23:13 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013/01/09 03:23:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013/01/09 03:23:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013/01/09 03:23:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013/01/09 03:23:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013/01/09 03:23:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013/01/09 03:23:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013/01/09 03:23:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013/01/09 03:23:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013/01/09 03:23:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013/01/09 03:23:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/09 03:23:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/09 03:23:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/09 03:23:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 03:23:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 03:23:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 03:23:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 03:23:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 03:23:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013/01/09 03:23:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013/01/09 03:23:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/09 03:23:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 03:23:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 03:23:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 03:23:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 03:23:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/09 03:23:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/09 03:23:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/02 19:32:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 19:32:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 19:23:28 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/02 19:22:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/02/02 19:22:51 | 3016,499,200 | -HS- | M] () -- C:\hiberfil.sys [2013/02/02 19:21:19 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013/02/02 19:08:01 | 000,000,920 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000UA.job [2013/02/02 19:01:05 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/02 19:01:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/02/02 14:59:07 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/02 07:08:02 | 000,000,898 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000Core.job [2013/02/02 06:28:59 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013/01/25 11:14:23 | 000,038,149 | ---- | M] () -- C:\Users\rac\AppData\Local\Perfmon.PerfmonCfg [2013/01/24 21:06:51 | 000,007,603 | ---- | M] () -- C:\Users\rac\AppData\Local\Resmon.ResmonCfg [2013/01/23 18:28:46 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/01/23 18:28:46 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/01/23 18:28:46 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/01/16 12:56:55 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\windows\SysNative\RegistryDefragBootTime.exe [2013/01/10 09:31:57 | 000,342,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/01/09 00:12:28 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013/01/09 00:12:28 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/02 19:21:11 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013/02/02 14:59:07 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/02 06:11:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/02/02 06:11:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/02/02 06:11:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/02/02 06:11:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/02/02 06:11:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/01/25 11:14:23 | 000,038,149 | ---- | C] () -- C:\Users\rac\AppData\Local\Perfmon.PerfmonCfg [2013/01/16 12:56:55 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2012/04/28 21:23:41 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/12/17 23:01:28 | 000,013,824 | ---- | C] () -- C:\Users\rac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/15 05:07:41 | 000,007,603 | ---- | C] () -- C:\Users\rac\AppData\Local\Resmon.ResmonCfg [2011/10/04 19:16:13 | 000,020,179 | ---- | C] () -- C:\Users\rac\AppData\Roaming\UserTile.png [2011/07/23 20:17:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/07/23 20:15:17 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2011/10/06 08:12:45 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/31 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/31 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/01/28 23:28:57 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\AVG [2013/02/01 17:09:41 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\IObit [2013/02/01 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\mjusbsp [2011/10/06 08:12:06 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\Tific [2011/09/04 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\Toshiba [2013/01/28 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\TuneUp Software [2013/02/02 04:58:21 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\uTorrent [2011/09/05 00:11:06 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\WildTangent [2011/07/25 13:33:57 | 000,000,000 | ---D | M] -- C:\Users\rac\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %SYSTEMDRIVE%\*.exe > [2012/01/27 06:37:23 | 000,770,776 | ---- | M] (Symantec Corporation) -- C:\AutoDetectPkg norton antivirus.exe [2011/10/23 12:42:10 | 000,606,552 | ---- | M] (Google Inc.) -- C:\GoogleEarthPluginSetup.exe [2012/03/11 00:05:33 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\MicrosoftFixit.AudioPlayback.Run.exe [2012/03/22 13:16:34 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\uTorrent.exe < %LOCALAPPDATA%\*.exe > < %systemdrive%\$Recycle.Bin|@;true;true;true /fp > < MD5 for: EXPLORER.EXE > [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: SVCHOST.EXE > [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
  8. # AdwCleaner v2.109 - Logfile created 02/02/2013 at 19:21:03 # Updated 26/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : rac - KIKE # Boot Mode : Normal # Running from : C:\Users\rac\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\boost_interprocess Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\uTorrentBar Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Users\rac\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\rac\AppData\Local\Conduit Folder Deleted : C:\Users\rac\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\rac\AppData\LocalLow\Conduit Folder Deleted : C:\Users\rac\AppData\LocalLow\uTorrentBar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLM\Software\uTorrentBar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1449BC8C-7B51-499B-9F85-6892435DDE53} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4723BE4C-0EC0-44BA-96F1-023AA7E9FF09} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v24.0.1312.57 File : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [3457 octets] - [02/02/2013 19:21:03] ########## EOF - C:\AdwCleaner[s1].txt - [3517 octets] ########## Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 17 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` I'm still waiting on the last scan. Will post as soon as its done : )
  9. Freezing right now...

  10. Before I did the scans I ran the ComboFix tool. Now I cant do anything without running it as administrator. I have all logs, posted ahead. I was looking for help because physical memory would not go down below 86%, always hovered more around 91-95%. Sometimes it would briefly go down to nothing and shoot right back up. Was making computer slow, so here I'am. Also, when I ran my antivirus it would come up with "zip drive corrupted" and "symantec Hash Provider ROOT\LEGACY_CCHP\0000 This device is not present, is not working properly, or does not have all its drivers installed." Please HELP... ~The error messages~ File C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\ Content.IE5\Ib54MYLH\1916ff8d-7f85-46e3-96da-bcbb4c6735d2_Catalog.xap[1]pngl>Catalog.xaml Error 42125 {Zip archive is corrupted} File C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\ Content.IE5\a5ccl7d68c181a85fcff5312f1b0368d_Microsoft.Maps.Framework.xap[1].png>Microsoft.Maps.Network.dll Error 42125{Zip Archive is corrupted} ~These are the scans~ Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 rac :: KIKE [administrator] Protection: Enabled 2/2/2013 3:03:14 PM mbam-log-2013-02-02 (15-03-14).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 347687 Time elapsed: 45 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ComboFix 13-02-01.04 - rac 02/02/2013 6:15.1.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.395 [GMT -5:00] Running from: c:\users\rac\Downloads\ComboFix.exe SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 ))))))))))))))))))))))))))))))) . . 2013-02-02 11:24 . 2013-02-02 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-01 22:09 . 2012-05-08 23:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2013-02-01 22:09 . 2010-11-26 23:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys 2013-02-01 20:57 . 2013-01-15 23:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2013-02-01 20:42 . 2013-02-01 20:42 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-02-01 20:42 . 2013-02-01 22:03 -------- d-----w- c:\programdata\IObit 2013-02-01 20:41 . 2013-02-01 22:09 -------- d-----w- c:\users\rac\AppData\Roaming\IObit 2013-02-01 20:41 . 2013-02-01 20:41 -------- d-----w- c:\program files (x86)\Application Updater 2013-02-01 20:41 . 2013-02-01 20:41 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar 2013-02-01 20:41 . 2013-02-01 20:41 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2013-02-01 20:41 . 2013-02-01 22:09 -------- d-----w- c:\program files (x86)\IObit 2013-02-01 17:19 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-02-01 17:19 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-02-01 17:19 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-02-01 17:19 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-02-01 17:19 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-02-01 17:19 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-02-01 17:19 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-02-01 17:19 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-02-01 17:19 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-02-01 07:21 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AE51A2-AB5B-4EFD-8136-BC05ACE1D70A}\mpengine.dll 2013-01-31 19:35 . 2013-01-31 19:35 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-01-29 04:28 . 2013-01-29 04:28 -------- d-----w- c:\users\rac\AppData\Roaming\AVG 2013-01-29 04:26 . 2013-01-29 04:30 -------- d-----w- c:\programdata\AVG 2013-01-29 02:08 . 2013-01-29 02:08 -------- d-----w- c:\users\rac\AppData\Local\AVG Secure Search 2013-01-29 02:08 . 2013-01-29 02:08 -------- d-----w- c:\users\rac\AppData\Roaming\TuneUp Software 2013-01-29 02:08 . 2013-01-29 02:08 -------- d-----w- c:\programdata\AVG Secure Search 2013-01-29 02:07 . 2013-02-01 23:21 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2013-01-29 02:07 . 2013-02-01 23:21 -------- d-----w- c:\program files (x86)\AVG Secure Search 2013-01-29 02:05 . 2013-01-29 02:05 -------- d-----w- C:\$AVG 2013-01-29 02:04 . 2013-02-01 05:50 -------- d-----w- c:\program files (x86)\AVG 2013-01-29 01:55 . 2013-02-01 19:20 -------- d-----w- c:\programdata\MFAData 2013-01-29 01:55 . 2013-01-29 02:20 -------- d-----w- c:\users\rac\AppData\Local\Avg2013 2013-01-29 01:55 . 2013-01-29 01:55 -------- d-----w- c:\users\rac\AppData\Local\MFAData 2013-01-29 01:33 . 2013-01-29 01:33 -------- d-----w- C:\AVGTemp 2013-01-28 23:32 . 2013-01-28 23:32 -------- d--h--w- c:\programdata\Common Files 2013-01-25 22:39 . 2013-01-25 22:39 -------- d-----w- C:\found.000 2013-01-24 23:19 . 2013-01-24 23:19 -------- d-----w- C:\perflogs 2013-01-16 17:55 . 2013-02-01 07:41 -------- d-----w- c:\programdata\AVAST Software 2013-01-16 17:55 . 2013-02-01 06:58 -------- d-----w- c:\program files\AVAST Software 2013-01-09 08:25 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 08:25 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 08:23 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 06:28 . 2011-09-04 04:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 13:58 . 2011-10-06 13:47 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 05:12 . 2012-04-29 05:19 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 05:12 . 2011-09-06 04:08 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-21 18:08 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 18:08 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 18:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-09 08:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-16 11:10 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-16 11:10 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-16 11:11 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-16 11:11 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-16 11:11 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-16 11:11 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-16 11:11 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-16 11:10 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-16 11:10 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-16 11:10 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-16 11:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-16 11:10 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-16 11:11 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-16 11:11 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-16 11:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-16 11:11 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-16 11:10 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-16 11:11 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-16 11:11 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-16 11:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-16 11:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-16 11:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 01:05 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 01:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll" [2013-01-10 1348416] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] 2013-01-10 21:54 1348416 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll" [2013-01-10 1348416] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-21 138096] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-01-10 1250112] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-01-10 793600] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-01 19:17 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 05:12] . 2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000Core.job - c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 12:03] . 2013-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085755171-966835748-4094314865-1000UA.job - c:\users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21 12:03] . 2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 05:50] . 2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 05:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ie mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.3.198\InstStub.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe . ************************************************************************** . Completion time: 2013-02-02 06:34:55 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-02 11:34 . Pre-Run: 414,015,537,152 bytes free Post-Run: 413,898,092,544 bytes free . - - End Of File - - 0EFE26CBF7DFA06DA9C2A8D33858075E
  11. Hi, clarissa: We cannot assist you in your profile feed. Please follow the instructions here: http://forums.malwarebytes.org/index.php?showtopic=9573 . Then, please start a new forum post here: http://forums.malwarebytes.org/index.php?showforum=7. Thanks!

  12. Can anybody HELP!? "symantec Hash Provider ROOT\LEGACY_CCHP\0000 This device is not present, is not working properly, or does not have all its drivers installed."

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.