BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
I think it's a virus
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > I think it's a virus  
Forum Quick Jump
 
New Topic Locked Topic Printable version of : I think it's a virus
[ << Previous Thread | Next Thread >> ]

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/25/2013 8:50 AM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
I have a Toshiba Satellite C655 with Windows 7 operating system

While using firefox I received a message that a pluging was disabled for my safety (I don't remember the name of it) and that I
should activate it now, silly me I did, that is when my problems started.

2 days ago, the short cuts on my pc started started to change it allowed me to run some virus protection but I would get a
false report after running for about a min.

Then it stopped allowing me to run malwarebytes or any of the other virus malware protection that I have on it.
Malwarebytes chamelon would hang up. It progressed to locking me out of programs or they hang up or will not open
including access to my external drives which has full windows backup for the everything that was on the computer.

I tried wipping the the computer and starting over, it has improve by allowing me to go online but when I open any virus
or malware protection it stops running after a minuet or so. I can not install programs unless it is done in safe mode.
It is not shutting down properly, it hangs up never finishing.

Also, everything disappeared on my desktop and I had to use the task manager to log off. I logged back to safe mode and tried running malwarebye, it did run and the report said there was not any infections. I logged into windows 7 normally and everthing is back for now on the desktop screen.

Right now the computer is a bit slower than normal and programs and files are temperamental in opening, running and closing.

P.S. I am unable to remove the old sun java although I have updated before the forum request me to do so.

While running hijack this a screen popped up saying:
FOR SOME reason your system denied write access to the Hosts file. If any hijacked domain are in this file, HijackThis
may not be able to fix this, along with instruction on manual corrections.

I am unable to run Malwarebytes and Avast or the programs will not open or gets stuck, and give false reports.

CC cleaner ran to 26% then hung up. I tried it a number of times and I also let it run for over a half hour.

I was unable to get the logs from DDS. I allowed DDS to run for approximately 3 1/2 hours, it showed up as running on the tasked master but never produced the logs or stopped.

For all of the processed I made sure that the virus protection and firewall was off while I ran them..

I could try to run them in safe mode since I can get better results there, please let me know if you require that.


Thank you

Beauty

-----------------=============---------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:56 PM, on 3/24/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avant Browser\avant.exe
C:\Program Files (x86)\Avant Browser\avantvw.exe
C:\Program Files (x86)\Avant Browser\webkit\chrome.exe
C:\Program Files (x86)\Avant Browser\webkit\chrome.exe
C:\Program Files (x86)\Avant Browser\webkit\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Users\Toni\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee

Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files

(x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files

(x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files

(x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program

Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST

Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files

(x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files

(x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program

Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton

Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google

\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST

Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files

\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station

\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User

'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan

\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component

\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live

\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe

(file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe

(file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows

\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater

\GoogleUpdaterService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files

\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files

(x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet

Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows

\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater

\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows

\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows

\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows

\system32\sppsvc.exe (file missing)
O23 - Service: taisregispinger - Unknown owner - C:\Program Files (x86)\TOSHIBA\ToshibaRegistration

\TaisRegistPinger.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station

\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows

\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power

Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA

HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows

\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe

(file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files

(x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe

(file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows

\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows

\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -

Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11283 bytes
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/25/2013 4:48 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hello        smile
 
 
 
 
Right now the computer is a bit slower than normal and programs and files are temperamental in opening, running and closing.
 
 
It´s probably because you have 3 active antivirus running, as they will confict with each other
 
 
 
I´ll therefore suggest you uninstall 2 of them - Avast - or  - ZoneAlarm - or -Norton Internet Security.
 
 
When done, see if you can run DDS now ?
 
 
 
 
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/25/2013 8:00 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hi Touch

I uninstalled the Norton Antivirus and ZoneAlarm. ZoneAlarm is a fire wall, as far as I know that is how it is merchandized, never -the-less the two of are gone.

Good news! :-) Just as you implied DDS produced the logs and Malwarebytes did a full run producing a report as well.

Thank you

Beauty

------------------------------

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Toni :: TONI-PC [administrator]

Protection: Enabled

3/25/2013 11:44:54 AM
mbam-log-2013-03-25 (11-44-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311382
Time elapsed: 23 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by Toni at 11:38:01 on 2013-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2563 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\ctfmon.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\SoftwareDistribution\Download\Install\dotNetFx40_Client_x86_x64.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EA70FC8D-8405-4E4B-A797-B87E55696DFD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4717DC1-883F-4D01-A515-D6E8CA5C76EF} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\sh916i90.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-23 19:25; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF - ExtSQL: 2013-03-23 22:05; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF - ExtSQL: 2013-03-24 10:46; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-24 15:27; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-24 65336]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-3-24 1025808]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-3-24 377920]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-3-24 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-3-24 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-24 45248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-24 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-24 682344]
R2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2011-3-23 297344]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2013-3-23 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-24 24176]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-3-23 38096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-3-23 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-24 178624]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-3-23 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-25 15:38:20 -------- d-----w- C:\5cadb8e3629b21750c23413cdd
2013-03-25 15:35:26 -------- d-----w- C:\Program Files (x86)\GUM99AF.tmp
2013-03-25 00:18:22 171136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2013-03-24 21:52:17 -------- d-----w- C:\Program Files\CCleaner
2013-03-24 19:29:11 -------- d-----w- C:\Program Files (x86)\BrowseToSave
2013-03-24 19:27:58 -------- d-----w- C:\Users\Toni\AppData\Roaming\CheckPoint
2013-03-24 17:35:14 -------- d-----w- C:\windows\System32\drivers\NISx64\1206000.01D
2013-03-24 17:24:24 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-03-24 17:24:24 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-03-24 17:24:14 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:35:28 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-03-24 15:58:13 -------- d-----w- C:\Users\Toni\AppData\Local\Macromedia
2013-03-24 15:34:35 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-03-24 15:34:32 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-03-24 15:34:30 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-24 15:34:30 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-24 15:31:25 -------- d-----w- C:\Users\Toni\AppData\Local\Adobe
2013-03-24 15:29:57 -------- d-----w- C:\Program Files\Tracker Software
2013-03-24 15:06:29 -------- d-----w- C:\Program Files (x86)\Marshall Plan Novel Writing Software
2013-03-24 15:03:35 -------- d-----w- C:\Users\Toni\AppData\Roaming\calibre
2013-03-24 15:03:26 -------- d-----w- C:\Program Files (x86)\Calibre2
2013-03-24 15:01:16 -------- d-----w- C:\ProgramData\SoftSafe
2013-03-24 14:57:05 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-24 14:55:55 -------- d-----w- C:\ProgramData\InstallMate
2013-03-24 14:54:07 -------- d-----w- C:\ProgramData\CheckPoint
2013-03-24 14:46:43 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-03-24 14:46:43 70992 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-03-24 14:46:43 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-03-24 14:46:43 178624 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-03-24 14:46:43 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-03-24 14:46:24 41664 ----a-w- C:\windows\avastSS.scr
2013-03-24 14:46:10 -------- d-----w- C:\Program Files\AVAST Software
2013-03-24 14:45:48 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-24 14:44:42 -------- d-----w- C:\Users\Toni\AppData\Roaming\Malwarebytes
2013-03-24 14:44:31 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-24 14:44:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-24 14:43:44 -------- d-----w- C:\Users\Toni\AppData\Local\Programs
2013-03-24 02:11:13 27784 ----a-w- C:\windows\System32\drivers\tdcmdpst.sys
2013-03-24 02:10:22 -------- dc-h--w- C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2013-03-24 02:09:28 140632 ----a-w- C:\windows\System32\TODDSrv.exe
2013-03-24 02:06:25 -------- d--h--w- C:\windows\msdownld.tmp
2013-03-24 02:06:10 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-03-24 02:06:07 802864 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\SymEFA64.sys
2013-03-24 02:06:07 735864 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
2013-03-24 02:06:07 450608 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\SymDS64.sys
2013-03-24 02:06:07 40568 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
2013-03-24 02:06:07 382072 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\symnets.sys
2013-03-24 02:06:07 171128 ----a-r- C:\windows\System32\drivers\NISx64\1205000.07D\Ironx64.sys
2013-03-24 02:05:54 -------- d-----w- C:\windows\System32\drivers\NISx64\1205000.07D
2013-03-24 02:05:54 -------- d-----w- C:\windows\System32\drivers\NISx64
2013-03-24 02:05:52 -------- d-----w- C:\ProgramData\Norton
2013-03-24 02:05:35 -------- d-----w- C:\ProgramData\NortonInstaller
2013-03-24 02:03:58 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2013-03-24 02:01:29 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2013-03-24 02:01:29 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2013-03-24 02:00:09 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2013-03-24 01:58:08 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2013-03-24 01:58:08 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2013-03-24 01:58:08 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2013-03-24 01:58:08 1351392 ----a-w- C:\windows\SysWow64\COMCTL32.OCX
2013-03-24 01:58:08 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2013-03-24 01:58:07 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-03-24 01:58:07 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-03-24 01:58:07 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-03-24 01:58:07 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-03-24 01:58:07 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-03-24 01:58:07 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-03-24 01:58:07 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-03-24 01:53:48 1550848 ----a-w- C:\windows\System32\drivers\athrx.sys
2013-03-24 01:53:48 -------- d-----w- C:\Program Files (x86)\Atheros
2013-03-24 01:53:44 -------- d-----w- C:\ProgramData\Atheros
2013-03-24 01:50:29 -------- d-----w- C:\Program Files\Synaptics
2013-03-24 01:48:51 -------- d-----w- C:\windows\SysWow64\sda
2013-03-24 01:48:46 9112168 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2013-03-24 01:48:46 422504 ----a-w- C:\windows\System32\RtsUStor.dll
2013-03-24 01:48:46 243712 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2013-03-24 01:48:46 -------- d-----w- C:\Program Files (x86)\Realtek
2013-03-24 01:48:00 -------- d-----w- C:\Program Files\CONEXANT
2013-03-24 01:45:06 -------- d-----w- C:\Intel
2013-03-24 01:43:24 408600 ----a-w- C:\windows\System32\drivers\iaStor.sys
2013-03-24 01:41:49 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2013-03-24 01:31:07 -------- d-----w- C:\Users\Toni\AppData\Roaming\Avant Profiles
2013-03-24 01:31:07 -------- d-----w- C:\Users\Toni\AppData\Roaming\Avant Downloader
2013-03-24 01:30:53 -------- d-----w- C:\Program Files (x86)\Avant Browser
2013-03-24 01:17:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-23 23:49:49 -------- d-----w- C:\Users\Toni\AppData\Local\Google
2013-03-23 23:40:55 -------- d-----w- C:\Users\Toni\AppData\Local\Best Buy pc app
2013-03-23 23:32:13 -------- d-----w- C:\Users\Toni\AppData\Local\TOSHIBA_Corporation
2013-03-23 23:30:52 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2013-03-23 23:30:52 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2013-03-23 23:30:52 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2013-03-23 23:30:51 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2013-03-23 23:27:57 -------- d-----w- C:\Users\Toni\AppData\Local\Apps
2013-03-23 23:27:56 -------- d-----w- C:\Users\Toni\AppData\Local\Deployment
2013-03-23 23:27:17 -------- d-----w- C:\Users\Toni\AppData\Local\VirtualStore
2013-03-23 23:26:48 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2013-03-23 23:26:36 2622464 ----a-w- C:\windows\System32\wucltux.dll
2013-03-23 23:26:20 36864 ----a-w- C:\windows\System32\wuapp.exe
2013-03-23 23:26:20 186752 ----a-w- C:\windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
.
============= FINISH: 11:41:15.01 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2013 7:25:07 PM
System Uptime: 3/25/2013 11:33:42 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 297 GiB total, 269.394 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 3/23/2013 7:25:32 PM - TOSHIBA Default System Restore Point
RP4: 3/23/2013 7:25:35 PM - Windows Update
RP5: 3/23/2013 7:26:12 PM - Installed TOSHIBA Quality Application
RP6: 3/23/2013 7:30:53 PM - Windows Update
RP7: 3/24/2013 1:23:40 PM - Installed Java 7 Update 17
RP8: 3/24/2013 3:33:03 PM - Revo Uninstaller's restore point - Best Buy pc app
RP9: 3/25/2013 11:37:35 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Avant Browser (remove only)
avast! Free Antivirus
Best Buy pc app
BrowseToSave 1.74
calibre
CCleaner
Conexant HD Audio
D3DX10
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 17
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.70.0.1100
Marshall Plan® Novel Writing Software
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
PDF-Viewer
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Skype™ 6.3
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
3/25/2013 11:31:41 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/25/2013 11:31:41 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/25/2013 11:29:50 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/25/2013 11:13:12 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2013 4:27:41 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
3/24/2013 4:12:13 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.
3/24/2013 4:03:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/24/2013 4:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/24/2013 4:03:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/24/2013 4:03:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/24/2013 4:03:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2013 4:03:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/24/2013 4:02:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Vsdatant vwififlt Wanarpv6 WfpLwf
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 4:02:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2013 3:59:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/24/2013 3:59:43 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2013 3:42:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/24/2013 3:41:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
3/24/2013 3:40:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
3/24/2013 3:39:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
3/24/2013 3:39:06 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/24/2013 3:28:12 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/24/2013 2:43:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
3/24/2013 2:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON tdx vwififlt Wanarpv6 WfpLwf
3/24/2013 12:20:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
3/24/2013 11:35:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
3/24/2013 11:35:40 AM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2013 10:57:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
3/24/2013 10:54:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/24/2013 10:52:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/24/2013 10:39:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
3/24/2013 1:02:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/24/2013 1:02:33 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2013 1:02:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
3/23/2013 7:33:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/23/2013 7:33:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
.
==== End Of File ===========================
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/25/2013 8:20 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Glad to hear there are improvements.....
 
 
CC cleaner ran to 26% then hung up. I tried it a number of times and I also let it run for over a half hour. 

Maybe worth trying Again.
 
 
 
 And save to the desktop.
 
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

<!--[if !supportLineBreakNewLine]-->
<!--[endif]-->


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/26/2013 7:36 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hi

I combofix will not complete its run it gets to creating a restore point and never finishes. I tried running it 3 different times
letting it run 2hr, 5hrs (while sleeping) 4 hrs morning my time to noon. I downloaded it and changed the name before saving. I followed your instructions to the tee. The only thing I have not did is run it in safe mode I do not know if I should do that without you saying so.

Again CCleaner will not go beyond 23%.

Than you

Beauty
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/26/2013 7:55 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Seems we have to dig deeper, then.
 
 
 
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
 
 
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  •  
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/26/2013 8:37 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Ok so I tried combofix again. I shut down long on in safe mode, exit safe mode and then logged on in normal windows. I remembered that windows 7 has a screen saver that changes, I did not change it when running combofix before. I reset it to change for one day and then rerun combofix.

TA DAAAAH :-) it worked.

Should I still run the other utility?


Thank You

Beauty

===================

ComboFix 13-03-26.01 - Toni 03/26/2013 13:07:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2822 [GMT -4:00]
Running from: c:\users\Toni\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-26 to 2013-03-26 )))))))))))))))))))))))))))))))
.
.
2013-03-26 17:14 . 2013-03-26 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-25 15:39 . 2013-03-25 15:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-03-25 15:35 . 2013-03-25 15:35 -------- d-----w- c:\program files (x86)\GUM99AF.tmp
2013-03-24 21:52 . 2013-03-24 21:52 -------- d-----w- c:\program files\CCleaner
2013-03-24 19:29 . 2013-03-24 19:29 -------- d-----w- c:\program files (x86)\BrowseToSave
2013-03-24 17:24 . 2013-03-24 17:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-24 17:24 . 2013-03-24 17:24 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-24 17:24 . 2013-03-24 17:24 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-24 17:24 . 2013-03-24 17:24 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-03-24 15:34 . 2013-03-24 15:34 -------- d-----w- c:\programdata\McAfee Security Scan
2013-03-24 15:34 . 2013-03-24 15:34 -------- d-----w- c:\programdata\McAfee
2013-03-24 15:34 . 2013-03-24 16:32 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-03-24 15:34 . 2013-03-24 15:37 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-24 15:34 . 2013-03-24 15:37 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-24 15:34 . 2013-03-24 15:34 -------- d-----w- c:\windows\system32\Macromed
2013-03-24 15:29 . 2013-03-24 15:30 -------- d-----w- c:\program files\Tracker Software
2013-03-24 15:06 . 2013-03-24 15:06 -------- d-----w- c:\program files (x86)\Marshall Plan Novel Writing Software
2013-03-24 15:03 . 2013-03-24 15:03 -------- d-----w- c:\program files (x86)\Calibre2
2013-03-24 15:01 . 2013-03-24 15:01 -------- d-----w- c:\programdata\SoftSafe
2013-03-24 14:57 . 2013-03-24 15:00 -------- d-----r- c:\program files (x86)\Skype
2013-03-24 14:57 . 2013-03-24 14:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-24 14:57 . 2013-03-24 15:00 -------- d-----w- c:\programdata\Skype
2013-03-24 14:55 . 2013-03-24 19:26 -------- d-----w- c:\programdata\InstallMate
2013-03-24 14:54 . 2013-03-24 14:54 -------- d-----w- c:\programdata\CheckPoint
2013-03-24 14:46 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-24 14:46 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-24 14:46 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-24 14:46 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-24 14:46 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-24 14:46 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-24 14:46 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-24 14:46 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-24 14:46 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-24 14:46 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-24 14:46 . 2013-03-24 14:46 -------- d-----w- c:\program files\AVAST Software
2013-03-24 14:45 . 2013-03-24 14:46 -------- d-----w- c:\programdata\AVAST Software
2013-03-24 14:44 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-24 14:44 . 2013-03-24 14:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-24 02:11 . 2009-07-31 03:22 27784 ----a-w- c:\windows\system32\drivers\tdcmdpst.sys
2013-03-24 02:10 . 2013-03-24 02:10 -------- dc-h--w- c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2013-03-24 02:09 . 2009-07-28 22:48 140632 ----a-w- c:\windows\system32\TODDSrv.exe
2013-03-24 02:08 . 2013-03-24 02:08 -------- d-----w- c:\program files\Google
2013-03-24 02:08 . 2013-03-24 02:09 -------- d-----w- c:\program files (x86)\Google
2013-03-24 02:06 . 2013-03-24 02:06 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-24 02:06 . 2013-03-25 15:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-24 02:05 . 2013-03-24 17:35 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-03-24 02:05 . 2013-03-25 15:34 -------- d-----w- c:\programdata\Norton
2013-03-24 02:03 . 2013-03-24 02:03 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2013-03-24 02:01 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2013-03-24 02:01 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2013-03-24 02:00 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2013-03-24 01:58 . 2009-07-07 15:51 9216 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2013-03-24 01:58 . 2006-03-23 20:44 9728 ----a-w- c:\windows\SysWow64\TCMSVR.dll
2013-03-24 01:58 . 2005-04-16 02:58 1351392 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2013-03-24 01:58 . 2004-03-09 23:00 152848 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
2013-03-24 01:58 . 2004-03-09 23:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2013-03-24 01:58 . 2013-03-24 01:58 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-03-24 01:58 . 2013-03-24 01:58 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-03-24 01:58 . 2003-11-11 01:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-03-24 01:58 . 2003-11-11 01:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-03-24 01:58 . 2003-11-11 01:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-03-24 01:58 . 2003-11-11 01:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-03-24 01:58 . 2003-11-11 01:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-03-24 01:53 . 2013-03-24 01:53 -------- d-----w- c:\program files (x86)\Atheros
2013-03-24 01:53 . 2009-11-06 19:56 1550848 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-03-24 01:53 . 2013-03-24 01:53 -------- d-----w- c:\programdata\Atheros
2013-03-24 01:50 . 2013-03-24 01:50 -------- d-----w- c:\program files\Synaptics
2013-03-24 01:48 . 2013-03-24 01:48 -------- d-----w- c:\windows\SysWow64\sda
2013-03-24 01:48 . 2013-03-24 01:48 -------- d-----w- c:\program files (x86)\Realtek
2013-03-24 01:48 . 2010-10-08 18:49 9112168 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2013-03-24 01:48 . 2010-10-08 18:49 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2013-03-24 01:48 . 2010-10-08 18:49 243712 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-03-24 01:48 . 2013-03-24 01:48 -------- d-----w- c:\program files\CONEXANT
2013-03-24 01:45 . 2013-03-24 01:45 -------- d-----w- C:\Intel
2013-03-24 01:43 . 2009-08-07 12:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-03-24 01:41 . 2013-03-24 01:45 -------- d-----w- c:\program files (x86)\Intel
2013-03-24 01:41 . 2009-11-18 23:03 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-03-24 01:30 . 2013-03-24 01:31 -------- d-----w- c:\program files (x86)\Avant Browser
2013-03-24 01:17 . 2013-03-24 01:17 -------- d-----w- c:\programdata\Malwarebytes
2013-03-24 01:13 . 2013-03-24 01:14 -------- d-----w- c:\program files\WinRAR
2013-03-24 00:01 . 2013-03-24 00:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-23 23:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-23 23:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-23 23:30 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-03-23 23:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-23 23:26 . 2013-03-23 23:26 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2013-03-23 23:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-23 23:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-23 23:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-23 23:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-23 23:26 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-23 23:26 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-23 23:25 . 2013-03-23 23:27 -------- d-----w- c:\users\Toni
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 23:25 . 2010-06-24 18:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-03-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 aswVmm;aswVmm; [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 15:37]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 02:08]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 02:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\sh916i90.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-03-24 10:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-26 13:19:12
ComboFix-quarantined-files.txt 2013-03-26 17:19
.
Pre-Run: 288,093,327,360 bytes free
Post-Run: 287,868,932,096 bytes free
.
- - End Of File - - AA277E8276C778109E5F01A67276D6CA
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/27/2013 4:25 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Should I still run the other utility?


Depends on Things are running    ;-)


If you are still experiencing long response times, slow computer, etc. I´ll suggest you do.


Combofix log looks clean to me, so I don't think we will find more infections.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/27/2013 8:22 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hi Touch

I still am experiencing problems, my screen is blinking once and a while. I can not run the utilities that you suggest (they stop responding) unless I exit windows (also windows is not shutting down from normal exit in a normal manner, but shuts down normally for safe mode) and go into safe mode then exit from safe mode to normal windows then run the utility.

When I attempted to run OTL I had the above problem and applied the above solution, it ran and produced a report but only one. I tried to run it again and a window came up saying it could not access cmd. So here is the one notepad report produced

Thank you
Beauty

===========

OTL logfile created on: 3/27/2013 11:18:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 72.06% Memory free
7.74 Gb Paging File | 6.56 Gb Available in Paging File | 84.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 267.91 Gb Free Space | 90.32% Space Free | Partition Type: NTFS

Computer Name: TONI-PC | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 13:38:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\jkl.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/24 11:37:24 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 10:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/16 14:13:00 | 000,733,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\..\SearchScopes,DefaultScope = {B4F3C64A-2D3B-4DC6-9A5D-1A91A64DAE6E}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKCU\..\SearchScopes\{B4F3C64A-2D3B-4DC6-9A5D-1A91A64DAE6E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS528
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/24 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/23 20:01:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/24 20:18:22 | 000,000,000 | ---D | M]

[2013/03/23 20:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\Mozilla\Extensions
[2013/03/24 11:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/24 10:46:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA70FC8D-8405-4E4B-A797-B87E55696DFD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4717DC1-883F-4D01-A515-D6E8CA5C76EF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{D38C90BD-8360-4405-8158-4FB592093488} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/27 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\Corel DVD MovieFactory
[2013/03/27 11:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2013/03/27 11:07:42 | 000,000,000 | R--D | C] -- C:\Users\Toni\Documents\Scanned Documents
[2013/03/27 11:07:41 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\Fax
[2013/03/27 11:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba Book Place
[2013/03/27 11:06:36 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\Book Place
[2013/03/27 11:06:31 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Book Place
[2013/03/27 01:19:38 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\New folder (2)
[2013/03/27 01:16:15 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\BOOKS
[2013/03/26 18:08:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2013/03/26 15:29:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/26 13:38:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\jkl.exe
[2013/03/26 13:19:14 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/26 07:58:45 | 005,044,718 | R--- | C] (Swearware) -- C:\Users\Toni\Desktop\ComboFix.exe
[2013/03/26 02:10:28 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\CrashDumps
[2013/03/26 00:01:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/26 00:01:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/26 00:01:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/26 00:01:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/26 00:01:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/03/25 23:29:32 | 005,044,493 | R--- | C] (Swearware) -- C:\Users\Toni\Desktop\great.exe
[2013/03/25 11:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/03/24 21:55:59 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\Novel
[2013/03/24 17:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/24 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/24 17:43:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Toni\Desktop\HijackThis.exe
[2013/03/24 17:33:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Toni\Desktop\dds.scr
[2013/03/24 17:32:21 | 004,190,272 | ---- | C] (Piriform Ltd) -- C:\Users\Toni\Desktop\ccsetup328.exe
[2013/03/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013/03/24 15:27:58 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\CheckPoint
[2013/03/24 13:35:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1206000.01D
[2013/03/24 13:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/03/24 13:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/24 13:24:24 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/03/24 13:24:24 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/03/24 13:24:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/03/24 13:24:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/24 12:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/03/24 12:35:28 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/03/24 11:58:13 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Macromedia
[2013/03/24 11:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/24 11:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/03/24 11:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/24 11:34:30 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/24 11:34:30 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/24 11:34:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/03/24 11:31:25 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Adobe
[2013/03/24 11:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2013/03/24 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013/03/24 11:27:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\STNUOCCA
[2013/03/24 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marshall Plan Novel Writing Software
[2013/03/24 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\Calibre Library
[2013/03/24 11:03:35 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\calibre
[2013/03/24 11:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/03/24 11:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/03/24 11:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/03/24 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Skype
[2013/03/24 10:57:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/24 10:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/24 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/24 10:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/03/24 10:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/03/24 10:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/03/24 10:50:36 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\Novel Writing
[2013/03/24 10:46:44 | 000,377,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/24 10:46:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/24 10:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/24 10:46:43 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/24 10:46:43 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/03/24 10:46:43 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/24 10:46:43 | 000,070,992 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/24 10:46:43 | 000,068,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/24 10:46:24 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/24 10:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/24 10:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/24 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2013/03/24 10:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/24 10:44:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/24 10:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/24 10:43:44 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Programs
[2013/03/24 03:18:27 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2013/03/24 00:56:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\APPS
[2013/03/24 00:53:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\FILES
[2013/03/23 22:35:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/03/23 22:11:13 | 000,027,784 | ---- | C] (TOSHIBA Corporation.) -- C:\windows\SysNative\drivers\tdcmdpst.sys
[2013/03/23 22:10:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
[2013/03/23 22:09:28 | 000,140,632 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\TODDSrv.exe
[2013/03/23 22:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/23 22:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/23 22:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/03/23 22:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/23 22:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/23 22:06:07 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys
[2013/03/23 22:06:07 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys
[2013/03/23 22:06:07 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys
[2013/03/23 22:06:07 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys
[2013/03/23 22:06:07 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys
[2013/03/23 22:06:07 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys
[2013/03/23 22:05:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/03/23 22:05:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1205000.07D
[2013/03/23 22:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/03/23 22:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/03/23 22:03:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2013/03/23 22:01:29 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll
[2013/03/23 22:01:29 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll
[2013/03/23 22:00:09 | 000,038,096 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys
[2013/03/23 21:58:08 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCTL32.OCX
[2013/03/23 21:58:08 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomctl.ocx
[2013/03/23 21:58:08 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Comdlg32.ocx
[2013/03/23 21:58:08 | 000,009,728 | ---- | C] (TOSHIBA Corp.) -- C:\windows\SysWow64\TCMSVR.dll
[2013/03/23 21:58:08 | 000,009,216 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\FwLnk.sys
[2013/03/23 21:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2013/03/23 21:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
[2013/03/23 21:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/03/23 21:57:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013/03/23 21:57:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013/03/23 21:57:44 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013/03/23 21:57:44 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013/03/23 21:57:44 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013/03/23 21:57:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013/03/23 21:57:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013/03/23 21:57:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013/03/23 21:57:44 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013/03/23 21:57:44 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013/03/23 21:57:43 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013/03/23 21:57:43 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013/03/23 21:57:43 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013/03/23 21:57:43 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013/03/23 21:57:43 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013/03/23 21:57:43 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013/03/23 21:57:43 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013/03/23 21:57:43 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013/03/23 21:57:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013/03/23 21:57:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013/03/23 21:57:43 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013/03/23 21:57:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013/03/23 21:57:43 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013/03/23 21:57:43 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013/03/23 21:57:42 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013/03/23 21:57:42 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013/03/23 21:57:42 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013/03/23 21:57:42 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013/03/23 21:57:42 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013/03/23 21:57:42 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013/03/23 21:57:42 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013/03/23 21:57:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013/03/23 21:57:42 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013/03/23 21:57:42 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013/03/23 21:57:42 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013/03/23 21:57:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013/03/23 21:57:41 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013/03/23 21:57:41 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013/03/23 21:57:41 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013/03/23 21:57:41 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013/03/23 21:57:41 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013/03/23 21:57:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013/03/23 21:57:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013/03/23 21:57:41 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013/03/23 21:57:41 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013/03/23 21:57:41 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013/03/23 21:57:40 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013/03/23 21:57:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/03/23 21:57:40 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013/03/23 21:57:40 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013/03/23 21:57:40 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013/03/23 21:57:40 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013/03/23 21:57:40 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013/03/23 21:57:40 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013/03/23 21:57:40 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013/03/23 21:57:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013/03/23 21:57:39 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013/03/23 21:57:39 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013/03/23 21:57:38 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013/03/23 21:57:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013/03/23 21:57:38 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013/03/23 21:57:38 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013/03/23 21:57:38 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013/03/23 21:57:38 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013/03/23 21:57:37 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013/03/23 21:57:37 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013/03/23 21:57:37 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013/03/23 21:57:37 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013/03/23 21:57:37 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013/03/23 21:57:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013/03/23 21:57:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013/03/23 21:57:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013/03/23 21:57:36 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013/03/23 21:57:36 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013/03/23 21:57:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013/03/23 21:57:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013/03/23 21:53:48 | 001,550,848 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athrx.sys
[2013/03/23 21:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2013/03/23 21:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013/03/23 21:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/03/23 21:48:51 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2013/03/23 21:48:46 | 009,112,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysWow64\RtsUStoricon.dll
[2013/03/23 21:48:46 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtsUStor.dll
[2013/03/23 21:48:46 | 000,243,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtsUStor.sys
[2013/03/23 21:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/03/23 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/03/23 21:45:06 | 000,000,000 | ---D | C] -- C:\Intel
[2013/03/23 21:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2013/03/23 21:43:24 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys
[2013/03/23 21:41:55 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/03/23 21:41:49 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\SysWow64\CSVer.dll
[2013/03/23 21:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/03/23 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Avant Profiles
[2013/03/23 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Avant Downloader
[2013/03/23 21:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
[2013/03/23 21:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avant Browser
[2013/03/23 21:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/23 21:17:32 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\mbar-1.01.0.1021
[2013/03/23 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\WinRAR
[2013/03/23 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/23 21:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/23 21:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/03/23 20:54:13 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\Toni\Desktop\MicrosoftFixit.IEPerformance.LB.25287516687648365.8.1.Run.exe
[2013/03/23 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Mozilla
[2013/03/23 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Mozilla
[2013/03/23 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/23 20:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/23 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/23 19:50:00 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Adobe
[2013/03/23 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Google
[2013/03/23 19:49:49 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Google
[2013/03/23 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Best Buy pc app
[2013/03/23 19:32:14 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Toshiba
[2013/03/23 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\TOSHIBA_Corporation
[2013/03/23 19:30:52 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2013/03/23 19:30:52 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2013/03/23 19:27:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Apps
[2013/03/23 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Deployment
[2013/03/23 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Toni\Contacts
[2013/03/23 19:27:17 | 000,000,000 | R--D | C] -- C:\Users\Toni\Searches
[2013/03/23 19:27:17 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/23 19:27:17 | 000,000,000 | -H-D | C] -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/23 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\VirtualStore
[2013/03/23 19:27:05 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Identities
[2013/03/23 19:26:41 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/03/23 19:26:40 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/03/23 19:26:36 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/03/23 19:26:20 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/03/23 19:26:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/03/23 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\WinBatch
[2013/03/23 19:25:22 | 000,000,000 | --SD | C] -- C:\Users\Toni\AppData\Roaming\Microsoft
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Videos
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Saved Games
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Pictures
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Music
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Links
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Favorites
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Downloads
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Documents
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\Desktop
[2013/03/23 19:25:22 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\Temporary Internet Files
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Templates
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Start Menu
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\SendTo
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Recent
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\PrintHood
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\NetHood
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Videos
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Pictures
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Music
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\My Documents
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Local Settings
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\History
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Cookies
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Application Data
[2013/03/23 19:25:22 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\Application Data
[2013/03/23 19:25:22 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData
[2013/03/23 19:25:22 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Temp
[2013/03/23 19:25:22 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Microsoft
[2013/03/23 19:25:22 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Media Center Programs
[2013/03/23 19:25:22 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Macromedia
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/27 11:23:45 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 11:23:45 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 11:23:27 | 000,743,352 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/27 11:23:27 | 000,636,630 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/27 11:23:27 | 000,110,746 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/27 11:17:03 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/27 11:16:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/27 11:16:20 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/27 10:46:59 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/27 10:36:22 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/27 01:22:57 | 000,227,818 | ---- | M] () -- C:\Users\Toni\Desktop\her_perfect_gift_.epub
[2013/03/27 01:17:25 | 002,410,925 | ---- | M] () -- C:\Users\Toni\Desktop\406.rar
[2013/03/26 18:08:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2013/03/26 13:38:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\jkl.exe
[2013/03/26 13:04:02 | 005,044,718 | R--- | M] (Swearware) -- C:\Users\Toni\Desktop\ComboFix.exe
[2013/03/25 23:59:41 | 005,044,493 | R--- | M] (Swearware) -- C:\Users\Toni\Desktop\great.exe
[2013/03/25 11:11:15 | 000,866,592 | ---- | M] () -- C:\Users\Toni\Desktop\Norton_Removal_Tool.exe
[2013/03/24 20:18:05 | 000,001,182 | ---- | M] () -- C:\Users\Toni\Desktop\PDF-Viewer.lnk
[2013/03/24 17:52:20 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/24 17:43:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Toni\Desktop\HijackThis.exe
[2013/03/24 17:33:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Toni\Desktop\dds.scr
[2013/03/24 17:32:29 | 004,190,272 | ---- | M] (Piriform Ltd) -- C:\Users\Toni\Desktop\ccsetup328.exe
[2013/03/24 15:28:07 | 001,476,856 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2013/03/24 15:27:31 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/03/24 13:24:06 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/24 13:24:04 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/03/24 13:24:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/03/24 13:24:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/03/24 13:24:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/03/24 13:24:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/03/24 12:35:28 | 000,001,275 | ---- | M] () -- C:\Users\Toni\Desktop\Revo Uninstaller.lnk
[2013/03/24 12:32:49 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/24 11:39:39 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/03/24 11:37:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/24 11:37:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/24 11:06:29 | 000,003,299 | ---- | M] () -- C:\Users\Toni\Desktop\Marshall Plan® Novel Writing Software.lnk
[2013/03/24 11:03:29 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/24 10:57:05 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/24 10:46:44 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/24 10:44:32 | 000,001,144 | ---- | M] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/24 10:44:32 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/24 03:14:10 | 001,476,612 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Cat.DB
[2013/03/23 22:22:57 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/03/23 22:22:57 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/03/23 21:50:32 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/03/23 21:46:54 | 000,015,178 | ---- | M] () -- C:\windows\SysNative\results.xml
[2013/03/23 21:31:03 | 000,001,952 | ---- | M] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2013/03/23 21:31:03 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2013/03/23 21:14:39 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/03/23 20:54:13 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\Toni\Desktop\MicrosoftFixit.IEPerformance.LB.25287516687648365.8.1.Run.exe
[2013/03/23 20:36:57 | 001,569,316 | ---- | M] () -- C:\Users\Toni\Desktop\good.exe
[2013/03/23 20:32:16 | 013,786,977 | ---- | M] () -- C:\Users\Toni\Desktop\mbar-1.01.0.1021.zip
[2013/03/23 20:01:06 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/23 19:49:44 | 000,001,448 | ---- | M] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/23 19:26:48 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/27 01:22:52 | 000,227,818 | ---- | C] () -- C:\Users\Toni\Desktop\her_perfect_gift_.epub
[2013/03/27 01:16:31 | 002,410,925 | ---- | C] () -- C:\Users\Toni\Desktop\406.rar
[2013/03/26 00:01:52 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/26 00:01:52 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/26 00:01:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/26 00:01:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/26 00:01:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/25 11:11:09 | 000,866,592 | ---- | C] () -- C:\Users\Toni\Desktop\Norton_Removal_Tool.exe
[2013/03/24 17:52:20 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/24 15:27:31 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/03/24 14:29:06 | 001,476,856 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2013/03/24 12:35:28 | 000,001,275 | ---- | C] () -- C:\Users\Toni\Desktop\Revo Uninstaller.lnk
[2013/03/24 11:34:33 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/24 11:34:31 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/24 11:30:10 | 000,001,182 | ---- | C] () -- C:\Users\Toni\Desktop\PDF-Viewer.lnk
[2013/03/24 11:06:29 | 000,003,299 | ---- | C] () -- C:\Users\Toni\Desktop\Marshall Plan® Novel Writing Software.lnk
[2013/03/24 11:06:29 | 000,003,259 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marshall Plan® Novel Writing Software.lnk
[2013/03/24 11:03:29 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/24 10:57:05 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/24 10:50:36 | 001,347,583 | ---- | C] () -- C:\Users\Toni\Desktop\FictionMakeover.pdf
[2013/03/24 10:50:36 | 000,268,216 | ---- | C] () -- C:\Users\Toni\Desktop\writerslittleblackbook.pdf
[2013/03/24 10:46:44 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/24 10:46:43 | 000,178,624 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/24 10:46:43 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/24 10:46:43 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/03/24 10:44:32 | 000,001,144 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/24 10:44:32 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/23 22:08:56 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 22:08:56 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 22:06:01 | 000,003,374 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymEFA.inf
[2013/03/23 22:06:01 | 000,002,792 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymDS.inf
[2013/03/23 22:06:01 | 000,001,446 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymNet.inf
[2013/03/23 22:06:01 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.inf
[2013/03/23 22:06:01 | 000,001,422 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.inf
[2013/03/23 22:06:01 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Iron.inf
[2013/03/23 22:05:54 | 000,007,492 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\iron.cat
[2013/03/23 22:05:54 | 000,007,462 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.cat
[2013/03/23 22:05:54 | 000,007,460 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.cat
[2013/03/23 22:05:54 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\symnet64.cat
[2013/03/23 22:05:54 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.cat
[2013/03/23 22:05:54 | 000,007,454 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.cat
[2013/03/23 22:05:54 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\isolate.ini
[2013/03/23 21:50:32 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/03/23 21:46:54 | 000,015,178 | ---- | C] () -- C:\windows\SysNative\results.xml
[2013/03/23 21:36:24 | 3117,391,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/23 21:31:03 | 000,001,952 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2013/03/23 21:31:03 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2013/03/23 21:14:39 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/03/23 20:36:56 | 001,569,316 | ---- | C] () -- C:\Users\Toni\Desktop\good.exe
[2013/03/23 20:31:26 | 013,786,977 | ---- | C] () -- C:\Users\Toni\Desktop\mbar-1.01.0.1021.zip
[2013/03/23 20:01:06 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/23 20:01:06 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/23 19:49:44 | 000,001,448 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/23 19:27:27 | 000,001,454 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/23 19:26:48 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/03/23 19:25:22 | 000,000,290 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/23 19:25:22 | 000,000,272 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/23 19:25:08 | 001,476,612 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Cat.DB

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*. >
[2013/03/26 15:29:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/03/24 13:35:16 | 000,000,000 | ---D | M] -- C:\Boot
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/03/23 21:45:06 | 000,000,000 | ---D | M] -- C:\Intel
[2013/03/25 11:34:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/03/26 22:42:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/03/27 11:15:24 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/03/26 13:19:15 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013/03/27 11:21:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/03/23 19:25:17 | 000,000,000 | R--D | M] -- C:\Users
[2013/03/26 13:19:14 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2013/03/26 22:40:50 | 000,026,112 | ---- | M] () -- C:\windows\Installer\10f61.msi
[2011/03/23 21:10:57 | 003,679,232 | ---- | M] () -- C:\windows\Installer\110a5.msi
[2011/03/23 21:10:55 | 035,035,136 | ---- | M] () -- C:\windows\Installer\110ab.msi
[2010/11/16 03:03:30 | 002,523,136 | ---- | M] () -- C:\windows\Installer\110b0.msi
[2010/04/01 02:41:58 | 000,041,984 | ---- | M] () -- C:\windows\Installer\110ba.msi
[2011/03/23 21:13:04 | 020,240,896 | R--- | M] () -- C:\windows\Installer\110c0.msp
[2011/03/23 21:12:59 | 008,810,496 | ---- | M] () -- C:\windows\Installer\110c4.msi
[2011/03/23 21:13:00 | 004,227,072 | ---- | M] () -- C:\windows\Installer\110c8.msi
[2011/03/23 21:13:01 | 002,081,792 | ---- | M] () -- C:\windows\Installer\110cc.msi
[2011/03/23 21:13:01 | 000,026,112 | ---- | M] () -- C:\windows\Installer\110d0.msi
[2011/03/23 21:13:01 | 000,074,240 | ---- | M] () -- C:\windows\Installer\110d4.msi
[2011/03/23 21:13:02 | 000,039,936 | R--- | M] () -- C:\windows\Installer\110d9.msp
[2011/03/23 21:13:03 | 002,856,448 | ---- | M] () -- C:\windows\Installer\110dd.msi
[2011/03/23 21:13:03 | 000,053,248 | ---- | M] () -- C:\windows\Installer\110e1.msi
[2011/03/23 21:13:03 | 000,037,888 | ---- | M] () -- C:\windows\Installer\110e5.msi
[2011/03/23 21:13:04 | 009,433,088 | ---- | M] () -- C:\windows\Installer\110e9.msi
[2011/03/23 21:13:05 | 004,427,776 | R--- | M] () -- C:\windows\Installer\110f8.msp
[2011/03/23 21:13:05 | 007,710,720 | ---- | M] () -- C:\windows\Installer\110fc.msi
[2011/03/23 21:13:07 | 002,932,736 | R--- | M] () -- C:\windows\Installer\11110.msp
[2011/03/23 21:13:06 | 004,680,704 | ---- | M] () -- C:\windows\Installer\11114.msi
[2011/03/23 21:13:07 | 002,343,936 | ---- | M] () -- C:\windows\Installer\11118.msi
[2011/03/23 21:13:07 | 000,147,968 | ---- | M] () -- C:\windows\Installer\1111c.msi
[2011/03/23 21:13:07 | 000,429,056 | ---- | M] () -- C:\windows\Installer\11120.msi
[2011/03/23 21:13:08 | 000,136,704 | R--- | M] () -- C:\windows\Installer\11125.msp
[2011/03/23 21:13:09 | 004,004,864 | ---- | M] () -- C:\windows\Installer\11129.msi
[2011/03/23 21:13:09 | 001,139,712 | R--- | M] () -- C:\windows\Installer\11135.msp
[2011/03/23 21:13:09 | 002,310,656 | ---- | M] () -- C:\windows\Installer\11139.msi
[2011/03/23 21:13:10 | 008,332,288 | ---- | M] () -- C:\windows\Installer\1113d.msi
[2011/03/23 21:13:10 | 003,314,688 | R--- | M] () -- C:\windows\Installer\11159.msp
[2011/03/23 21:13:11 | 021,302,784 | ---- | M] () -- C:\windows\Installer\1115e.msi
[2011/03/23 21:13:13 | 005,514,240 | R--- | M] () -- C:\windows\Installer\11171.msp
[2011/03/23 21:13:12 | 003,664,384 | ---- | M] () -- C:\windows\Installer\11176.msi
[2011/03/23 21:13:13 | 003,734,016 | ---- | M] () -- C:\windows\Installer\1117a.msi
[2011/03/23 21:13:14 | 013,850,624 | ---- | M] () -- C:\windows\Installer\1117e.msi
[2011/03/23 21:13:15 | 005,870,080 | R--- | M] () -- C:\windows\Installer\11195.msp
[2011/03/23 21:13:15 | 008,313,856 | ---- | M] () -- C:\windows\Installer\11199.msi
[2011/03/23 21:13:16 | 002,958,336 | R--- | M] () -- C:\windows\Installer\111b3.msp
[2011/03/23 21:13:16 | 001,819,136 | ---- | M] () -- C:\windows\Installer\111b7.msi
[2011/03/23 21:13:18 | 034,193,408 | ---- | M] () -- C:\windows\Installer\111bb.msi
[2011/03/23 21:13:20 | 014,617,088 | R--- | M] () -- C:\windows\Installer\111e7.msp
[2011/03/23 21:13:21 | 011,846,656 | ---- | M] () -- C:\windows\Installer\111ec.msi
[2011/03/23 21:13:21 | 003,733,504 | R--- | M] () -- C:\windows\Installer\111f5.msp
[2011/03/23 21:13:22 | 000,775,168 | ---- | M] () -- C:\windows\Installer\111fa.msi
[2011/03/23 21:13:22 | 000,205,312 | R--- | M] () -- C:\windows\Installer\11203.msp
[2011/03/23 21:13:23 | 006,363,136 | ---- | M] () -- C:\windows\Installer\11207.msi
[2011/03/23 21:13:23 | 000,113,664 | R--- | M] () -- C:\windows\Installer\11244.msp
[2011/03/23 21:13:24 | 006,195,200 | ---- | M] () -- C:\windows\Installer\11248.msi
[2011/03/23 21:13:24 | 000,067,072 | ---- | M] () -- C:\windows\Installer\1124c.msi
[2011/03/23 21:13:25 | 001,492,992 | ---- | M] () -- C:\windows\Installer\11250.msi
[2011/03/23 21:13:25 | 000,624,640 | R--- | M] () -- C:\windows\Installer\11259.msp
[2011/03/23 21:13:25 | 001,070,592 | ---- | M] () -- C:\windows\Installer\1125d.msi
[2011/03/23 21:13:25 | 000,468,480 | R--- | M] () -- C:\windows\Installer\11267.msp
[2011/03/23 21:13:26 | 006,660,608 | ---- | M] () -- C:\windows\Installer\1126c.msi
[2011/03/23 21:13:27 | 005,124,608 | R--- | M] () -- C:\windows\Installer\11276.msp
[2011/03/23 21:13:27 | 003,410,944 | ---- | M] () -- C:\windows\Installer\1127b.msi
[2011/03/23 21:13:28 | 000,636,928 | R--- | M] () -- C:\windows\Installer\11281.msp
[2011/03/23 21:13:29 | 004,175,360 | ---- | M] () -- C:\windows\Installer\11285.msi
[2011/03/23 21:13:29 | 000,510,976 | R--- | M] () -- C:\windows\Installer\1128a.msp
[2011/03/23 21:13:30 | 004,250,112 | ---- | M] () -- C:\windows\Installer\1128f.msi
[2011/03/23 21:13:31 | 002,144,256 | R--- | M] () -- C:\windows\Installer\1129a.msp
[2011/03/23 21:13:31 | 000,153,600 | ---- | M] () -- C:\windows\Installer\1129f.msi
[2011/03/23 21:13:31 | 000,060,416 | R--- | M] () -- C:\windows\Installer\112a4.msp
[2011/03/23 21:13:32 | 000,029,696 | ---- | M] () -- C:\windows\Installer\112a9.msi
[2011/03/23 21:13:32 | 000,023,552 | R--- | M] () -- C:\windows\Installer\112ae.msp
[2011/03/23 21:13:33 | 002,631,168 | ---- | M] () -- C:\windows\Installer\112b2.msi
[2011/03/23 21:13:33 | 000,074,240 | ---- | M] () -- C:\windows\Installer\112b6.msi
[2010/03/31 01:07:14 | 002,376,704 | ---- | M] () -- C:\windows\Installer\112bb.msi
[2011/03/23 21:05:11 | 001,757,696 | ---- | M] () -- C:\windows\Installer\11a38.msi
[2011/03/23 21:05:37 | 029,130,752 | ---- | M] () -- C:\windows\Installer\11a3d.msi
[2011/03/23 21:06:06 | 031,928,832 | ---- | M] () -- C:\windows\Installer\11a42.msi
[2008/08/08 17:46:10 | 000,242,176 | ---- | M] () -- C:\windows\Installer\11a47.msi
[2011/03/23 21:07:00 | 025,549,312 | ---- | M] () -- C:\windows\Installer\11a4c.msi
[2013/03/26 22:40:50 | 000,026,112 | ---- | M] () -- C:\windows\Installer\11af608.msi
[2009/06/01 08:00:00 | 004,505,600 | ---- | M] () -- C:\windows\Installer\11d81.msi
[2011/03/23 21:09:09 | 002,354,176 | ---- | M] () -- C:\windows\Installer\123ca.msi
[2010/03/18 17:41:24 | 001,901,056 | ---- | M] () -- C:\windows\Installer\1c694.msi
[2009/07/12 15:16:26 | 000,223,232 | ---- | M] () -- C:\windows\Installer\29c04.msi
[2009/07/12 10:43:18 | 000,231,936 | ---- | M] () -- C:\windows\Installer\29c0a.msi
[2013/03/23 22:08:57 | 000,028,160 | ---- | M] () -- C:\windows\Installer\29c14.msi
[2013/03/23 22:09:26 | 007,767,040 | ---- | M] () -- C:\windows\Installer\29c1a.msi
[2013/03/23 22:10:23 | 000,298,496 | ---- | M] () -- C:\windows\Installer\29c25.msi
[2013/03/24 10:57:01 | 020,586,496 | ---- | M] () -- C:\windows\Installer\4aa65.msi
[2013/03/24 00:53:16 | 051,373,568 | ---- | M] () -- C:\windows\Installer\4aa6d.msi
[2011/06/14 09:45:52 | 001,357,824 | ---- | M] () -- C:\windows\Installer\4aa71.msi
[2009/10/27 17:11:26 | 002,641,920 | ---- | M] () -- C:\windows\Installer\7acb6.msi
[2009/10/27 17:11:28 | 000,998,912 | ---- | M] () -- C:\windows\Installer\7acbb.msi
[2013/03/23 21:59:36 | 089,470,532 | ---- | M] () -- C:\windows\Installer\7acc0.msi
[2010/03/19 12:19:04 | 000,155,136 | ---- | M] () -- C:\windows\Installer\7acc5.msi
[2013/03/23 22:00:28 | 048,625,664 | ---- | M] () -- C:\windows\Installer\7acca.msi
[2010/03/17 14:40:18 | 002,728,960 | ---- | M] () -- C:\windows\Installer\7accf.msi
[2013/01/31 00:17:14 | 008,921,088 | ---- | M] () -- C:\windows\Installer\bd2ec.msi
[2013/01/31 00:16:06 | 005,188,096 | ---- | M] () -- C:\windows\Installer\bd2f1.msi
[2013/03/24 13:18:13 | 000,033,792 | ---- | M] () -- C:\windows\Installer\cf10a.msi
[2013/03/24 13:23:07 | 027,872,256 | ---- | M] () -- C:\windows\Installer\cf11f.msi
[2013/03/24 13:24:29 | 000,179,200 | ---- | M] () -- C:\windows\Installer\cf124.msi
[2011/03/23 21:13:44 | 000,000,000 | ---- | M] () -- C:\windows\Installer\wix{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\erdnt\cache86\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: TONI-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C TI106140W0C NTFS Partition 296 GB Healthy Boot
Volume 2 System NTFS Partition 1500 MB Healthy Hidden

< End of report >
Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/29/2013 6:15 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hello

Since there was not a response to the last log I will take that as everything is finish.


I would like to thank you Touch for your help. :-)


Sincerely

Beauty
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/30/2013 6:02 AM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Arh - sorry for late response. I was in the Easter mood, and had a couple of family birthdays             smile
 
 
 

We need to run an OTL Fix.
 
• Please reopen OTL on your desktop.
• Copy and Paste the following in bold into the  Custom Scan textbox.
 

 
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
:Files
C:\Users\Toni\AppData\Local\CrashDumps
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
 
 

• Push  Run Fix Button
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply, and tell how your computer are behaving ?
 
 

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.







Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/30/2013 7:38 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hello Touch

I should have waited longer, but I was impatience. Time with friend and family is always necessary. It is Easter and during holidays things are different.

Since my last post things have changed on the computer. I wiped it again, it did not correct the problems and I do not have the same software on it etc., windows did 97 updates, so I ran the Combofix again and the OTL report again.

I did not perform your last instruction with the OTL because of what I did. I felt that you may want to look at the newest Combofix and OTL reports before I followed up as you said with the last post then with your ok I will do what you said. Oh, I did get two report from OTL this time


I will be more patience this time while waiting for a response from you. smile

Thank you

Beauty

---------

ComboFix 13-03-30.01 - Toni 03/30/2013 11:08:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2522 [GMT -4:00]
Running from: c:\users\Toni\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 15:19 . 2013-03-30 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 15:01 . 2013-03-30 15:01 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-30 15:01 . 2013-03-30 15:01 -------- d-----w- c:\windows\system32\Wat
2013-03-30 14:35 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-30 14:35 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-30 14:35 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-30 14:35 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-30 14:23 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-30 14:23 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-30 14:23 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-30 14:23 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-30 14:22 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-30 14:22 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-30 14:22 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-30 14:22 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-30 14:22 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-30 14:22 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-30 14:22 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-30 14:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-30 14:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-30 14:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-30 14:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-30 14:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-30 03:36 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-30 03:36 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-30 03:36 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-30 03:36 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-30 03:36 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2013-03-30 03:33 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2013-03-30 03:32 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-03-30 03:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-03-30 03:30 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-03-30 03:29 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-03-30 03:28 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-03-30 03:19 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-03-30 03:19 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-30 00:50 . 2013-03-30 00:50 -------- d-----w- c:\programdata\CheckPoint
2013-03-29 22:21 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-29 22:21 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-29 21:44 . 2013-03-29 21:44 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-29 21:44 . 2013-03-29 21:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-29 21:38 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-29 21:38 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-29 21:38 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-29 21:38 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-29 21:38 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-29 21:38 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-29 21:38 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-29 21:38 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-29 21:38 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-03-29 21:37 . 2013-03-29 21:37 -------- d-----w- c:\programdata\AVAST Software
2013-03-29 21:37 . 2013-03-29 21:37 -------- d-----w- c:\program files\AVAST Software
2013-03-29 21:28 . 2013-03-29 21:28 -------- d-----w- c:\programdata\Malwarebytes
2013-03-29 21:28 . 2013-03-29 21:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-29 21:28 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 20:51 . 2009-07-31 03:22 27784 ----a-w- c:\windows\system32\drivers\tdcmdpst.sys
2013-03-29 20:50 . 2013-03-29 20:50 -------- d-----w- c:\programdata\Best Buy pc app
2013-03-29 20:50 . 2013-03-29 20:50 -------- dc-h--w- c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2013-03-29 20:50 . 2009-07-28 22:48 140632 ----a-w- c:\windows\system32\TODDSrv.exe
2013-03-29 20:49 . 2013-03-29 20:49 -------- d-----w- c:\program files\Google
2013-03-29 20:49 . 2013-03-29 20:49 -------- d-----w- c:\program files (x86)\Google
2013-03-29 20:46 . 2013-03-29 20:46 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-29 20:46 . 2013-03-29 20:46 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\programdata\Norton
2013-03-29 20:44 . 2013-03-29 20:44 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2013-03-29 20:41 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2013-03-29 20:41 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2013-03-29 20:40 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2013-03-29 20:37 . 2007-10-22 10:40 411656 ----a-w- c:\windows\system32\xactengine2_10.dll
2013-03-29 20:34 . 2013-03-29 20:34 -------- d-----w- c:\program files (x86)\Atheros
2013-03-29 20:34 . 2009-11-06 19:56 1550848 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-03-29 20:33 . 2013-03-29 20:34 -------- d-----w- c:\programdata\Atheros
2013-03-29 20:30 . 2013-03-29 20:30 -------- d-----w- c:\program files\Synaptics
2013-03-29 20:29 . 2013-03-29 20:29 -------- d-----w- c:\windows\SysWow64\sda
2013-03-29 20:29 . 2013-03-29 20:29 -------- d-----w- c:\program files (x86)\Realtek
2013-03-29 20:29 . 2010-10-08 18:49 9112168 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2013-03-29 20:29 . 2010-10-08 18:49 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2013-03-29 20:29 . 2010-10-08 18:49 243712 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-03-29 20:28 . 2013-03-29 20:28 -------- d-----w- c:\program files\CONEXANT
2013-03-29 20:25 . 2013-03-29 20:25 -------- d-----w- C:\Intel
2013-03-29 20:23 . 2009-08-07 12:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-03-29 20:22 . 2013-03-29 20:25 -------- d-----w- c:\program files (x86)\Intel
2013-03-29 20:22 . 2009-11-18 23:03 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-03-29 19:50 . 2013-03-29 20:16 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-29 19:50 . 2013-03-29 20:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-29 19:50 . 2013-03-29 19:50 -------- d-----w- c:\windows\system32\Macromed
2013-03-29 19:42 . 2013-03-29 19:42 -------- d-----w- c:\program files (x86)\Avant Browser
2013-03-29 18:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-29 18:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-29 18:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-29 18:07 . 2013-03-29 18:07 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2013-03-29 18:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-29 18:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-29 18:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-29 18:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-29 18:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-03-29 18:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-03-29 18:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-03-29 18:07 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-29 18:07 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-29 18:06 . 2013-03-29 18:08 -------- d-----w- c:\users\Toni
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 18:06 . 2010-06-24 18:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-12 05:45 . 2013-03-30 03:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-30 03:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-30 03:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-30 03:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-30 03:30 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-30 03:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-04 04:43 . 2013-03-30 03:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 aswVmm;aswVmm; [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-30 1255736]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-29 20:16]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 20:49]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\q3ak3z5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-03-29 17:47; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-30 11:41:45
ComboFix-quarantined-files.txt 2013-03-30 15:41
ComboFix2.txt 2013-03-29 21:01
.
Pre-Run: 279,236,239,360 bytes free
Post-Run: 279,021,240,320 bytes free
.
- - End Of File - - C19BC3144BC99E6B7B5B0E3AE37EED66
--------------


OTL logfile created on: 3/30/2013 11:52:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.78% Memory free
7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 259.93 Gb Free Space | 91.06% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 163.08 Gb Free Space | 33.40% Space Free | Partition Type: NTFS

Computer Name: TONI-PC | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/30 11:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/29 16:16:24 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/16 14:13:00 | 000,733,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\..\SearchScopes,DefaultScope = {D093216A-CCDF-4FE4-A9F7-B8B0CFDF0C9D}
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS529
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\..\SearchScopes\{D093216A-CCDF-4FE4-A9F7-B8B0CFDF0C9D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/29 18:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/29 15:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/29 15:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\Mozilla\Extensions
[2013/03/29 15:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/29 18:21:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354588641-1740646661-3474411197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04D47C4C-E24D-4E0E-BF88-C73D0EA3F096}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44BC72E1-6C5B-45BB-B54D-5A38787C9EB5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{D38C90BD-8360-4405-8158-4FB592093488} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/30 11:51:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2013/03/30 11:42:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 11:01:19 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2013/03/30 11:01:19 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2013/03/30 10:35:56 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/03/30 10:35:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2013/03/30 10:30:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/30 10:30:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/30 10:30:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/30 10:30:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/30 10:30:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/30 10:30:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/30 10:30:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/30 10:30:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/30 10:30:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/30 10:30:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/30 10:30:38 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/30 10:30:38 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/30 10:30:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/30 10:30:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/30 10:30:38 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/30 10:30:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2013/03/30 10:30:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/30 10:30:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/30 10:30:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/30 10:30:38 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2013/03/30 10:30:38 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/30 10:30:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/30 10:30:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/30 10:30:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/30 10:30:38 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/30 10:30:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2013/03/30 10:30:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2013/03/30 10:30:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/30 10:30:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/30 10:30:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2013/03/30 10:30:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/30 10:30:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/30 10:30:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/30 10:30:38 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/30 10:30:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/30 10:30:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/30 10:30:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2013/03/30 10:30:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/30 10:30:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/30 10:30:38 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2013/03/30 10:30:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/03/30 10:30:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/30 10:30:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/30 10:30:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2013/03/30 10:30:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/30 10:30:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/30 10:30:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/03/30 10:30:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/03/30 10:30:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/03/30 10:30:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/03/30 10:30:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/30 10:30:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/30 10:30:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/30 10:30:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/30 10:30:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/30 10:30:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/03/30 10:30:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2013/03/30 10:30:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/30 10:30:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/30 10:30:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/30 10:30:38 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/30 10:30:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/30 10:30:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/30 10:30:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/30 10:30:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/30 10:30:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/03/30 10:30:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/03/30 10:30:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/30 10:30:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/30 10:30:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/30 10:30:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/30 10:30:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/30 10:23:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/03/30 10:23:25 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/03/30 10:23:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/03/30 10:23:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/03/30 10:22:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2013/03/30 10:22:43 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2013/03/30 10:22:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2013/03/30 10:22:43 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2013/03/30 10:21:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/03/30 10:21:21 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2013/03/30 10:17:39 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/29 23:40:42 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Adobe
[2013/03/29 23:36:23 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/03/29 23:36:22 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/03/29 23:36:21 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/03/29 23:36:20 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2013/03/29 23:34:44 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/03/29 23:34:44 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/03/29 23:34:43 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2013/03/29 23:34:43 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2013/03/29 23:34:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2013/03/29 23:34:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2013/03/29 23:34:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2013/03/29 23:34:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2013/03/29 23:34:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2013/03/29 23:34:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2013/03/29 23:34:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2013/03/29 23:34:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/03/29 23:34:19 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2013/03/29 23:34:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2013/03/29 23:34:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013/03/29 23:34:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013/03/29 23:34:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013/03/29 23:34:09 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/03/29 23:34:09 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/03/29 23:33:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2013/03/29 23:33:50 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2013/03/29 23:33:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2013/03/29 23:33:49 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2013/03/29 23:33:44 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2013/03/29 23:33:41 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/03/29 23:33:41 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/03/29 23:33:40 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/03/29 23:33:40 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/03/29 23:33:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/03/29 23:33:39 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/03/29 23:33:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/03/29 23:33:39 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/03/29 23:33:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/03/29 23:33:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2013/03/29 23:33:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/03/29 23:33:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/03/29 23:33:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2013/03/29 23:33:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2013/03/29 23:33:35 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2013/03/29 23:33:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/03/29 23:33:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2013/03/29 23:33:30 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2013/03/29 23:33:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42.dll
[2013/03/29 23:33:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42u.dll
[2013/03/29 23:33:28 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42u.dll
[2013/03/29 23:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42.dll
[2013/03/29 23:33:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/03/29 23:33:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/03/29 23:32:40 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2013/03/29 23:32:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnscacheugc.exe
[2013/03/29 23:32:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dnscacheugc.exe
[2013/03/29 23:32:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2013/03/29 23:32:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2013/03/29 23:32:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2013/03/29 23:32:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/29 23:32:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2013/03/29 23:32:34 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/03/29 23:32:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/03/29 23:32:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/03/29 23:32:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/03/29 23:32:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2013/03/29 23:32:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2013/03/29 23:32:04 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013/03/29 23:32:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2013/03/29 23:32:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2013/03/29 23:32:03 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2013/03/29 23:32:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2013/03/29 23:32:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2013/03/29 23:31:59 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2013/03/29 23:31:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2013/03/29 23:31:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2013/03/29 23:31:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/03/29 23:31:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/03/29 23:31:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/03/29 23:31:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/03/29 23:31:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/03/29 23:31:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/03/29 23:31:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/03/29 23:31:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/03/29 23:31:29 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2013/03/29 23:30:41 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/03/29 23:30:39 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2013/03/29 23:30:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/03/29 23:30:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/03/29 23:30:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/03/29 23:30:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/03/29 23:30:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/03/29 23:30:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/03/29 23:30:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/03/29 23:30:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/03/29 23:30:34 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/03/29 23:30:34 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/03/29 23:30:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/03/29 23:30:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/03/29 23:30:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/03/29 23:30:34 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/03/29 23:30:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/03/29 23:30:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/03/29 23:30:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/03/29 23:30:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/03/29 23:30:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/03/29 23:30:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/03/29 23:30:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/03/29 23:30:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/03/29 23:30:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/03/29 23:30:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/03/29 23:30:33 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/03/29 23:30:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/03/29 23:30:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/03/29 23:30:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/03/29 23:30:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/03/29 23:30:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/03/29 23:30:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/03/29 23:30:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/03/29 23:30:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/03/29 23:30:24 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2013/03/29 23:30:24 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2013/03/29 23:30:24 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2013/03/29 23:30:24 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2013/03/29 23:30:01 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2013/03/29 23:29:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/03/29 23:29:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/03/29 23:29:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/03/29 23:29:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/03/29 23:29:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/03/29 23:29:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/03/29 23:29:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/03/29 23:29:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/03/29 23:29:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/03/29 23:29:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/03/29 23:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/03/29 23:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/03/29 23:29:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/03/29 23:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/03/29 23:29:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/03/29 23:29:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/03/29 23:29:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/03/29 23:29:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/03/29 23:29:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/03/29 23:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/03/29 23:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/03/29 23:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/03/29 23:29:33 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/03/29 23:29:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2013/03/29 23:29:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2013/03/29 23:29:15 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/03/29 23:29:15 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/03/29 23:29:15 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/03/29 23:29:15 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/03/29 23:29:15 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdusb.dll
[2013/03/29 23:29:15 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd1394.dll
[2013/03/29 23:29:15 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdcom.dll
[2013/03/29 23:29:12 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/03/29 23:28:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2013/03/29 23:28:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2013/03/29 23:28:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2013/03/29 23:28:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2013/03/29 23:28:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2013/03/29 23:28:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe
[2013/03/29 23:28:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe
[2013/03/29 23:28:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2013/03/29 23:28:33 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FXSCOVER.exe
[2013/03/29 23:28:32 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2013/03/29 23:28:30 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/03/29 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\CheckPoint
[2013/03/29 23:19:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2013/03/29 23:19:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2013/03/29 23:13:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2013/03/29 23:13:51 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2013/03/29 23:13:46 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2013/03/29 23:13:46 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2013/03/29 23:13:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2013/03/29 20:58:50 | 002,398,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Users\Toni\Desktop\zafwSetupWeb_110_000_057.exe
[2013/03/29 20:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/03/29 18:48:26 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\uTorrent
[2013/03/29 18:13:29 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\ElevatedDiagnostics
[2013/03/29 17:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/29 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/29 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/29 17:38:31 | 000,377,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/29 17:38:31 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/29 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/29 17:38:30 | 000,070,992 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/29 17:38:30 | 000,068,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/29 17:38:29 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/29 17:38:23 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/29 17:38:22 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/03/29 17:38:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2013/03/29 17:38:07 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/29 17:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/29 17:30:17 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Programs
[2013/03/29 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2013/03/29 17:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/29 17:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/29 17:28:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/29 17:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/29 17:15:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/03/29 16:51:51 | 000,027,784 | ---- | C] (TOSHIBA Corporation.) -- C:\windows\SysNative\drivers\tdcmdpst.sys
[2013/03/29 16:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Best Buy pc app
[2013/03/29 16:50:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
[2013/03/29 16:50:02 | 000,140,632 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\TODDSrv.exe
[2013/03/29 16:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/29 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/29 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/03/29 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/29 16:46:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/03/29 16:46:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1205000.07D
[2013/03/29 16:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/03/29 16:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/03/29 16:44:07 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2013/03/29 16:41:40 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll
[2013/03/29 16:41:40 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll
[2013/03/29 16:40:22 | 000,038,096 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys
[2013/03/29 16:39:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/29 16:39:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/29 16:39:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/29 16:38:21 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCTL32.OCX
[2013/03/29 16:38:21 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomctl.ocx
[2013/03/29 16:38:21 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Comdlg32.ocx
[2013/03/29 16:38:21 | 000,009,728 | ---- | C] (TOSHIBA Corp.) -- C:\windows\SysWow64\TCMSVR.dll
[2013/03/29 16:38:21 | 000,009,216 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\FwLnk.sys
[2013/03/29 16:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2013/03/29 16:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
[2013/03/29 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/03/29 16:37:57 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013/03/29 16:37:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013/03/29 16:37:57 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013/03/29 16:37:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013/03/29 16:37:57 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013/03/29 16:37:57 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013/03/29 16:37:56 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013/03/29 16:37:56 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013/03/29 16:37:56 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013/03/29 16:37:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013/03/29 16:37:56 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013/03/29 16:37:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013/03/29 16:37:56 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013/03/29 16:37:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013/03/29 16:37:56 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013/03/29 16:37:56 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013/03/29 16:37:55 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013/03/29 16:37:55 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013/03/29 16:37:55 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013/03/29 16:37:55 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013/03/29 16:37:55 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013/03/29 16:37:55 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013/03/29 16:37:55 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013/03/29 16:37:55 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013/03/29 16:37:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013/03/29 16:37:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013/03/29 16:37:55 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013/03/29 16:37:55 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013/03/29 16:37:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013/03/29 16:37:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013/03/29 16:37:55 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013/03/29 16:37:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013/03/29 16:37:55 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013/03/29 16:37:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013/03/29 16:37:54 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013/03/29 16:37:54 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013/03/29 16:37:54 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013/03/29 16:37:54 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013/03/29 16:37:54 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013/03/29 16:37:54 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013/03/29 16:37:54 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013/03/29 16:37:54 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013/03/29 16:37:53 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013/03/29 16:37:53 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/03/29 16:37:53 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013/03/29 16:37:53 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013/03/29 16:37:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013/03/29 16:37:53 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013/03/29 16:37:53 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013/03/29 16:37:53 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013/03/29 16:37:53 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013/03/29 16:37:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013/03/29 16:37:52 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013/03/29 16:37:52 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013/03/29 16:37:52 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013/03/29 16:37:52 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013/03/29 16:37:52 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013/03/29 16:37:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013/03/29 16:37:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013/03/29 16:37:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013/03/29 16:37:51 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013/03/29 16:37:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013/03/29 16:37:51 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013/03/29 16:37:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013/03/29 16:37:50 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013/03/29 16:37:50 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013/03/29 16:37:50 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013/03/29 16:37:50 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013/03/29 16:37:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013/03/29 16:37:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013/03/29 16:37:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013/03/29 16:37:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013/03/29 16:37:49 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013/03/29 16:37:49 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013/03/29 16:37:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013/03/29 16:37:49 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013/03/29 16:36:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 16:36:43 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/03/29 16:34:03 | 001,550,848 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athrx.sys
[2013/03/29 16:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2013/03/29 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013/03/29 16:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/03/29 16:29:06 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2013/03/29 16:29:01 | 009,112,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysWow64\RtsUStoricon.dll
[2013/03/29 16:29:01 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtsUStor.dll
[2013/03/29 16:29:01 | 000,243,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtsUStor.sys
[2013/03/29 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/03/29 16:28:26 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\Toni\Desktop\MicrosoftFixit.Performance.RNP.25288019394528901.2.1.Run.exe
[2013/03/29 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/03/29 16:25:21 | 000,000,000 | ---D | C] -- C:\Intel
[2013/03/29 16:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2013/03/29 16:23:38 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys
[2013/03/29 16:22:09 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/03/29 16:22:03 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\SysWow64\CSVer.dll
[2013/03/29 16:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/03/29 16:19:47 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Macromedia
[2013/03/29 15:50:44 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/29 15:50:44 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/29 15:50:42 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/03/29 15:43:02 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Avant Downloader
[2013/03/29 15:43:01 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Avant Profiles
[2013/03/29 15:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
[2013/03/29 15:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avant Browser
[2013/03/29 15:36:35 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Toni\Desktop\ComboFix.exe
[2013/03/29 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Mozilla
[2013/03/29 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Mozilla
[2013/03/29 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/29 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Tific
[2013/03/29 14:54:00 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Symantec
[2013/03/29 14:25:04 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Adobe
[2013/03/29 14:24:55 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Google
[2013/03/29 14:24:52 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Google
[2013/03/29 14:16:49 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Best Buy pc app
[2013/03/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Toshiba
[2013/03/29 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\TOSHIBA_Corporation
[2013/03/29 14:12:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2013/03/29 14:12:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2013/03/29 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
[2013/03/29 14:09:40 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Deployment
[2013/03/29 14:09:40 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Apps
[2013/03/29 14:08:35 | 000,000,000 | R--D | C] -- C:\Users\Toni\Searches
[2013/03/29 14:08:35 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/29 14:08:35 | 000,000,000 | -H-D | C] -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/29 14:08:24 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Identities
[2013/03/29 14:08:20 | 000,000,000 | R--D | C] -- C:\Users\Toni\Contacts
[2013/03/29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\VirtualStore
[2013/03/29 14:07:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/03/29 14:07:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/03/29 14:07:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/03/29 14:07:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/03/29 14:07:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/03/29 14:07:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/03/29 14:07:23 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/03/29 14:07:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/03/29 14:07:00 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\WinBatch
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\Temporary Internet Files
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Templates
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Start Menu
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\SendTo
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Recent
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\PrintHood
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\NetHood
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Videos
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Pictures
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Documents\My Music
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\My Documents
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Local Settings
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\History
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Cookies
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\Application Data
[2013/03/29 14:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Toni\AppData\Local\Application Data
[2013/03/29 14:06:24 | 000,000,000 | --SD | C] -- C:\Users\Toni\AppData\Roaming\Microsoft
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Videos
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Saved Games
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Pictures
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Music
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Links
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Favorites
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Downloads
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Documents
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\Desktop
[2013/03/29 14:06:24 | 000,000,000 | R--D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/29 14:06:24 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData
[2013/03/29 14:06:24 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Temp
[2013/03/29 14:06:24 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Microsoft
[2013/03/29 14:06:24 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Media Center Programs
[2013/03/29 14:06:24 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Macromedia
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/30 11:54:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/30 11:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2013/03/30 11:46:19 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/30 11:46:19 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/30 11:46:19 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/30 11:29:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/30 11:15:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/30 11:09:25 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 11:09:25 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 11:06:21 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Toni\Desktop\ComboFix.exe
[2013/03/30 11:05:13 | 000,001,452 | ---- | M] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/30 11:05:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/30 11:03:14 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/03/30 11:02:57 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 10:30:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/30 10:30:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/30 10:30:38 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/30 10:30:38 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/30 10:30:38 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/30 10:30:38 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/30 10:30:38 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/30 10:30:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/30 10:30:38 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/30 10:30:38 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/30 10:30:38 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/30 10:30:38 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/30 10:30:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/30 10:30:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/30 10:30:38 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/30 10:30:38 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2013/03/30 10:30:38 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/30 10:30:38 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/30 10:30:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/30 10:30:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2013/03/30 10:30:38 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/30 10:30:38 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/30 10:30:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/30 10:30:38 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/30 10:30:38 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/30 10:30:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2013/03/30 10:30:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2013/03/30 10:30:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/30 10:30:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/30 10:30:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2013/03/30 10:30:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/30 10:30:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/30 10:30:38 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/30 10:30:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/30 10:30:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/30 10:30:38 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/30 10:30:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2013/03/30 10:30:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/30 10:30:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/30 10:30:38 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2013/03/30 10:30:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/03/30 10:30:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/30 10:30:38 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/30 10:30:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2013/03/30 10:30:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/30 10:30:38 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/30 10:30:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/03/30 10:30:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/03/30 10:30:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/03/30 10:30:38 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/03/30 10:30:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/30 10:30:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/30 10:30:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/30 10:30:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/30 10:30:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/30 10:30:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/03/30 10:30:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2013/03/30 10:30:38 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/30 10:30:38 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/30 10:30:38 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/30 10:30:38 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/30 10:30:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/30 10:30:38 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/30 10:30:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/30 10:30:38 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/30 10:30:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/30 10:30:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/30 10:30:38 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/03/30 10:30:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/03/30 10:30:38 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/30 10:30:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/30 10:30:38 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/30 10:30:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/30 10:30:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/29 20:58:55 | 002,398,248 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Toni\Desktop\zafwSetupWeb_110_000_057.exe
[2013/03/29 18:21:24 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/03/29 17:38:31 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/29 17:31:12 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/29 17:04:13 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/03/29 17:04:13 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/03/29 16:30:47 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/03/29 16:28:32 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\Toni\Desktop\MicrosoftFixit.Performance.RNP.25288019394528901.2.1.Run.exe
[2013/03/29 16:27:09 | 000,015,182 | ---- | M] () -- C:\windows\SysNative\results.xml
[2013/03/29 16:16:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/29 16:16:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/29 15:42:57 | 000,001,956 | ---- | M] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2013/03/29 15:42:57 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2013/03/29 15:34:24 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/29 14:11:22 | 001,246,352 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Cat.DB
[2013/03/29 14:09:53 | 000,000,398 | ---- | M] () -- C:\Users\Toni\Desktop\pc app.appref-ms
[2013/03/29 14:07:52 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/30 11:05:13 | 000,001,424 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/30 10:35:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/30 10:30:38 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/30 10:30:38 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/30 10:22:43 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 18:21:24 | 000,178,624 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/29 18:21:24 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/29 17:38:31 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/29 17:38:22 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/03/29 17:30:37 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/29 16:49:13 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/29 16:49:12 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/29 16:39:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/29 16:39:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/29 16:39:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/29 16:39:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/29 16:39:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/29 16:30:47 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/03/29 16:27:09 | 000,015,182 | ---- | C] () -- C:\windows\SysNative\results.xml
[2013/03/29 16:16:19 | 3117,391,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/29 15:50:44 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/29 15:42:57 | 000,001,956 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2013/03/29 15:42:57 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2013/03/29 15:34:23 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/29 15:34:22 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/29 14:24:48 | 000,001,452 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/29 14:09:55 | 000,000,398 | ---- | C] () -- C:\Users\Toni\Desktop\pc app.appref-ms
[2013/03/29 14:09:07 | 000,001,458 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/29 14:07:52 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/03/29 14:06:24 | 000,000,290 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/29 14:06:24 | 000,000,272 | ---- | C] () -- C:\Users\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/29 14:06:11 | 001,246,352 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1205000.07D\Cat.DB

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*. >
[2011/03/24 13:35:16 | 000,000,000 | ---D | M] -- C:\Boot
[2013/03/30 11:02:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/03/29 16:25:21 | 000,000,000 | ---D | M] -- C:\Intel
[2013/03/30 11:02:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/03/30 11:02:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/03/29 20:50:57 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/03/30 11:42:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013/03/30 11:53:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/03/29 14:06:19 | 000,000,000 | R--D | M] -- C:\Users
[2013/03/30 11:42:05 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2011/03/23 21:10:57 | 003,679,232 | ---- | M] () -- C:\windows\Installer\110a5.msi
[2011/03/23 21:10:55 | 035,035,136 | ---- | M] () -- C:\windows\Installer\110ab.msi
[2010/11/16 03:03:30 | 002,523,136 | ---- | M] () -- C:\windows\Installer\110b0.msi
[2011/03/23 21:12:59 | 008,810,496 | ---- | M] () -- C:\windows\Installer\110c4.msi
[2011/03/23 21:13:00 | 004,227,072 | ---- | M] () -- C:\windows\Installer\110c8.msi
[2011/03/23 21:13:01 | 002,081,792 | ---- | M] () -- C:\windows\Installer\110cc.msi
[2011/03/23 21:13:01 | 000,026,112 | ---- | M] () -- C:\windows\Installer\110d0.msi
[2011/03/23 21:13:01 | 000,074,240 | ---- | M] () -- C:\windows\Installer\110d4.msi
[2011/03/23 21:13:02 | 000,039,936 | R--- | M] () -- C:\windows\Installer\110d9.msp
[2011/03/23 21:13:03 | 002,856,448 | ---- | M] () -- C:\windows\Installer\110dd.msi
[2011/03/23 21:13:03 | 000,053,248 | ---- | M] () -- C:\windows\Installer\110e1.msi
[2011/03/23 21:13:03 | 000,037,888 | ---- | M] () -- C:\windows\Installer\110e5.msi
[2011/03/23 21:13:04 | 009,433,088 | ---- | M] () -- C:\windows\Installer\110e9.msi
[2011/03/23 21:13:05 | 004,427,776 | R--- | M] () -- C:\windows\Installer\110f8.msp
[2011/03/23 21:13:05 | 007,710,720 | ---- | M] () -- C:\windows\Installer\110fc.msi
[2011/03/23 21:13:07 | 002,932,736 | R--- | M] () -- C:\windows\Installer\11110.msp
[2011/03/23 21:13:06 | 004,680,704 | ---- | M] () -- C:\windows\Installer\11114.msi
[2011/03/23 21:13:07 | 002,343,936 | ---- | M] () -- C:\windows\Installer\11118.msi
[2011/03/23 21:13:07 | 000,147,968 | ---- | M] () -- C:\windows\Installer\1111c.msi
[2011/03/23 21:13:07 | 000,429,056 | ---- | M] () -- C:\windows\Installer\11120.msi
[2011/03/23 21:13:08 | 000,136,704 | R--- | M] () -- C:\windows\Installer\11125.msp
[2011/03/23 21:13:09 | 004,004,864 | ---- | M] () -- C:\windows\Installer\11129.msi
[2011/03/23 21:13:09 | 001,139,712 | R--- | M] () -- C:\windows\Installer\11135.msp
[2011/03/23 21:13:09 | 002,310,656 | ---- | M] () -- C:\windows\Installer\11139.msi
[2011/03/23 21:13:10 | 008,332,288 | ---- | M] () -- C:\windows\Installer\1113d.msi
[2011/03/23 21:13:10 | 003,314,688 | R--- | M] () -- C:\windows\Installer\11159.msp
[2011/03/23 21:13:11 | 021,302,784 | ---- | M] () -- C:\windows\Installer\1115e.msi
[2011/03/23 21:13:13 | 005,514,240 | R--- | M] () -- C:\windows\Installer\11171.msp
[2011/03/23 21:13:12 | 003,664,384 | ---- | M] () -- C:\windows\Installer\11176.msi
[2011/03/23 21:13:13 | 003,734,016 | ---- | M] () -- C:\windows\Installer\1117a.msi
[2011/03/23 21:13:14 | 013,850,624 | ---- | M] () -- C:\windows\Installer\1117e.msi
[2011/03/23 21:13:15 | 005,870,080 | R--- | M] () -- C:\windows\Installer\11195.msp
[2011/03/23 21:13:15 | 008,313,856 | ---- | M] () -- C:\windows\Installer\11199.msi
[2011/03/23 21:13:16 | 002,958,336 | R--- | M] () -- C:\windows\Installer\111b3.msp
[2011/03/23 21:13:16 | 001,819,136 | ---- | M] () -- C:\windows\Installer\111b7.msi
[2011/03/23 21:13:18 | 034,193,408 | ---- | M] () -- C:\windows\Installer\111bb.msi
[2011/03/23 21:13:20 | 014,617,088 | R--- | M] () -- C:\windows\Installer\111e7.msp
[2011/03/23 21:13:21 | 011,846,656 | ---- | M] () -- C:\windows\Installer\111ec.msi
[2011/03/23 21:13:21 | 003,733,504 | R--- | M] () -- C:\windows\Installer\111f5.msp
[2011/03/23 21:13:22 | 000,775,168 | ---- | M] () -- C:\windows\Installer\111fa.msi
[2011/03/23 21:13:22 | 000,205,312 | R--- | M] () -- C:\windows\Installer\11203.msp
[2011/03/23 21:13:23 | 006,363,136 | ---- | M] () -- C:\windows\Installer\11207.msi
[2011/03/23 21:13:23 | 000,113,664 | R--- | M] () -- C:\windows\Installer\11244.msp
[2011/03/23 21:13:24 | 006,195,200 | ---- | M] () -- C:\windows\Installer\11248.msi
[2011/03/23 21:13:24 | 000,067,072 | ---- | M] () -- C:\windows\Installer\1124c.msi
[2011/03/23 21:13:25 | 001,492,992 | ---- | M] () -- C:\windows\Installer\11250.msi
[2011/03/23 21:13:25 | 000,624,640 | R--- | M] () -- C:\windows\Installer\11259.msp
[2011/03/23 21:13:25 | 001,070,592 | ---- | M] () -- C:\windows\Installer\1125d.msi
[2011/03/23 21:13:25 | 000,468,480 | R--- | M] () -- C:\windows\Installer\11267.msp
[2011/03/23 21:13:26 | 006,660,608 | ---- | M] () -- C:\windows\Installer\1126c.msi
[2011/03/23 21:13:27 | 005,124,608 | R--- | M] () -- C:\windows\Installer\11276.msp
[2011/03/23 21:13:27 | 003,410,944 | ---- | M] () -- C:\windows\Installer\1127b.msi
[2011/03/23 21:13:28 | 000,636,928 | R--- | M] () -- C:\windows\Installer\11281.msp
[2011/03/23 21:13:29 | 004,175,360 | ---- | M] () -- C:\windows\Installer\11285.msi
[2011/03/23 21:13:29 | 000,510,976 | R--- | M] () -- C:\windows\Installer\1128a.msp
[2011/03/23 21:13:30 | 004,250,112 | ---- | M] () -- C:\windows\Installer\1128f.msi
[2011/03/23 21:13:31 | 002,144,256 | R--- | M] () -- C:\windows\Installer\1129a.msp
[2011/03/23 21:13:31 | 000,153,600 | ---- | M] () -- C:\windows\Installer\1129f.msi
[2011/03/23 21:13:31 | 000,060,416 | R--- | M] () -- C:\windows\Installer\112a4.msp
[2011/03/23 21:13:32 | 000,029,696 | ---- | M] () -- C:\windows\Installer\112a9.msi
[2011/03/23 21:13:32 | 000,023,552 | R--- | M] () -- C:\windows\Installer\112ae.msp
[2011/03/23 21:13:33 | 002,631,168 | ---- | M] () -- C:\windows\Installer\112b2.msi
[2011/03/23 21:13:33 | 000,074,240 | ---- | M] () -- C:\windows\Installer\112b6.msi
[2010/03/31 01:07:14 | 002,376,704 | ---- | M] () -- C:\windows\Installer\112bb.msi
[2011/03/23 21:05:11 | 001,757,696 | ---- | M] () -- C:\windows\Installer\11a38.msi
[2011/03/23 21:05:37 | 029,130,752 | ---- | M] () -- C:\windows\Installer\11a3d.msi
[2011/03/23 21:06:06 | 031,928,832 | ---- | M] () -- C:\windows\Installer\11a42.msi
[2008/08/08 17:46:10 | 000,242,176 | ---- | M] () -- C:\windows\Installer\11a47.msi
[2011/03/23 21:07:00 | 025,549,312 | ---- | M] () -- C:\windows\Installer\11a4c.msi
[2009/06/01 08:00:00 | 004,505,600 | ---- | M] () -- C:\windows\Installer\11d81.msi
[2011/03/23 21:09:09 | 002,354,176 | ---- | M] () -- C:\windows\Installer\123ca.msi
[2013/03/29 23:40:27 | 000,033,792 | ---- | M] () -- C:\windows\Installer\1d0d9e.msi
[2013/01/24 22:46:08 | 000,037,888 | ---- | M] () -- C:\windows\Installer\26423.msi
[2013/03/29 17:44:28 | 053,209,600 | R--- | M] () -- C:\windows\Installer\2642a.msp
[2009/07/12 15:16:26 | 000,223,232 | ---- | M] () -- C:\windows\Installer\2960b.msi
[2009/07/12 10:43:18 | 000,231,936 | ---- | M] () -- C:\windows\Installer\29611.msi
[2013/03/29 16:49:07 | 000,025,088 | ---- | M] () -- C:\windows\Installer\29616.msi
[2013/03/29 16:49:28 | 000,028,160 | ---- | M] () -- C:\windows\Installer\2961b.msi
[2013/03/29 16:50:01 | 007,767,040 | ---- | M] () -- C:\windows\Installer\29621.msi
[2013/03/29 16:50:57 | 000,298,496 | ---- | M] () -- C:\windows\Installer\2962c.msi
[2011/04/16 08:44:26 | 002,770,944 | ---- | M] () -- C:\windows\Installer\2eb61.msi
[2009/10/27 17:11:28 | 000,998,912 | ---- | M] () -- C:\windows\Installer\7a359.msi
[2013/03/29 16:39:49 | 089,470,532 | ---- | M] () -- C:\windows\Installer\7a35e.msi
[2010/03/19 12:19:04 | 000,155,136 | ---- | M] () -- C:\windows\Installer\7a363.msi
[2013/03/29 16:40:42 | 048,625,664 | ---- | M] () -- C:\windows\Installer\7a368.msi
[2010/03/17 14:40:18 | 002,728,960 | ---- | M] () -- C:\windows\Installer\7a36d.msi
[2011/03/23 21:13:44 | 000,000,000 | ---- | M] () -- C:\windows\Installer\wix{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\erdnt\cache86\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: TONI-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C TI106140W0C NTFS Partition 285 GB Healthy Boot
Volume 2 System NTFS Partition 1500 MB Healthy Hidden

< End of report >

=====

OTL Extras logfile created on: 3/30/2013 11:52:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.78% Memory free
7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 259.93 Gb Free Space | 91.06% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 163.08 Gb Free Space | 33.40% Space Free | Partition Type: NTFS

Computer Name: TONI-PC | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1354588641-1740646661-3474411197-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0642B5DA-0435-40FD-8D63-483A49FE7220}" = rport=137 | protocol=17 | dir=out | app=system |
"{06D0CA36-0010-48FF-8593-D4A9614E4EDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{07354DC2-A9F1-456F-89DB-551E4DDCC1BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{10DF1C2E-A46A-41D7-9500-7C02B0E8C3AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2946E241-9BA1-42FE-8263-1CB1CBFDE702}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E9D1B61-22EC-41C6-B6EE-EC70537A7A1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38BDBFB6-C8AF-4957-AC9B-87F9C80B2A59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39FDD967-3DC7-4378-938D-CBFE8A67C412}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A7F609D-8265-42FA-8905-AFDFD690B7AA}" = lport=445 | protocol=6 | dir=in | app=system |
"{526B9AE1-798D-4AB2-939D-07745EAB0D29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5928480E-4557-4AB5-A80F-F6BB82AE8B15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E1C2AF9-EB83-417B-B05F-A77B66C2BA1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6ACAD163-F837-4026-AD3A-0B7AD936D809}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7F4E5223-79E8-44F7-B63D-FC24E01B24D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{820548A7-B6E3-4D0D-9EB6-078E29C1783D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA2B0C11-1A14-4B34-8F44-C56D542D4F4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C3DB3ED7-2738-4180-98F8-89E72099F45A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CAD51FB8-F752-4067-97A1-45C3DF059C63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D91634C8-A9A2-4788-A7DD-82FFF8AC069F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EAC3A71C-4406-4864-8057-557DB1D8742C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F100ED1B-31FB-4BF2-BD04-0E9313C5A22C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F746946B-FC3D-4D58-BBF5-55563A67A1FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB064620-68AE-4501-BA9E-61E05DAFCB4D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012FBFD3-251C-427F-BFB9-85F4DDCFBF6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0696F166-7924-4FFB-9D36-EACBEBC897BA}" = protocol=6 | dir=out | app=system |
"{10BC266B-CCEC-436D-A14D-E090B9A27D1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26880D6F-1955-41AD-8E24-9DC13E342B22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B65371A-4848-413D-9C59-819A77D950E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B7F663E-6756-4D09-859E-6E8F6C8196C8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EBFABF9-FE8B-4A60-BCF9-DCF2CF50CCC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{386849EB-F615-485B-B02F-5C65B307CDF1}" = protocol=17 | dir=in | app=c:\users\toni\appdata\local\temp\7zsbc6b.tmp\symnrt.exe |
"{3E96A5A4-B94B-4BB8-8350-129279268D3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{448D8959-E83A-4A58-85A3-F9EF1A7E91E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{498EFF14-4FE4-46A2-B4FF-80FF67AB4677}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51802B97-2435-4ABF-B996-DCB8B91252E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A6D09B6-C46C-472E-90BE-EF38DCFA66CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B9B69B2-DBD2-4D0D-A1AA-0BF95C39113F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E94B5F8-A20A-4B90-8633-F7C32F7F11BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{655B6604-CD80-427E-843B-925B12AF5A45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86ACFD25-9D0F-41A6-B652-4B5279150EB9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{889D5EBC-8D55-422C-876C-5704ECE727F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8E4619F3-4898-43F6-958C-60D3369CEF9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{981D54E2-865A-44A3-9005-F5D89D7EB7C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9FA6B7A-D853-41A7-8B64-1757389C5F79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC4A626F-570D-41BE-94CA-1F011B2870CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1A0EB50-26E4-4678-A4DD-B89424397462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF008E3F-3E2E-4B5F-B645-40B084B6D2EE}" = protocol=6 | dir=in | app=c:\users\toni\appdata\local\temp\7zsbc6b.tmp\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AvantBrowser" = Avant Browser (remove only)
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1354588641-1740646661-3474411197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2013 2:17:03 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:17:04 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:19:44 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:19:46 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:19:47 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:19:48 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:19:50 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 3/29/2013 2:20:13 PM | Computer Name = Toni-PC | Source = Best Buy pc app | ID = 0
Description = Timestamp: 3/29/2013 6:20:13 PM Message: Unhandled Exception. Exception:
Retrieving the COM class factory for component with CLSID {4991D34B-80A1-4291-83B6-3328366B9097}
failed due to the following error: 8001010d. Exception Source: SharpBITS.Base Target
Method: Void .ctor() Stack Trace: at SharpBits.Base.BitsManager..ctor() at
PCImage.Modules.Home.Views.BaseWindow.BaseWindowView_Closing(Object sender, CancelEventArgs
e) at System.Windows.Window.OnClosing(CancelEventArgs e) at System.Windows.Window.WmClose()

at System.Windows.Window.WindowFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam,
IntPtr lParam, Boolean& handled) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Category:
General Priority: -1 EventId: 0 Severity: Critical Title: Machine: TONI-PC Application
Domain: DefaultDomain Process Id: 2872 Process Name: C:\Users\Toni\AppData\Local\Apps\2.0\TVLZZTKB.44J\HHGDPHOY.QDL\best..capp_ec8bce34fe4caa9f_0003.0002_6d8902cc3c7d213e\Best
Buy pc app.exe Win32 Thread Id: 900 Thread Name: Extended Properties:

Error - 3/29/2013 2:20:34 PM | Computer Name = Toni-PC | Source = Application Hang | ID = 1002
Description = The program Best Buy pc app.exe version 3.2.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b38 Start
Time: 01ce2ca98550b5a6 Termination Time: 78 Application Path: C:\Users\Toni\AppData\Local\Apps\2.0\TVLZZTKB.44J\HHGDPHOY.QDL\best..capp_ec8bce34fe4caa9f_0003.0002_6d8902cc3c7d213e\Best
Buy pc app.exe Report Id:

Error - 3/29/2013 2:38:04 PM | Computer Name = Toni-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11f0 Start
Time: 01ce2cac30c9c771 Termination Time: 0 Application Path: C:\windows\explorer.exe

Report
Id: 9dc5abc5-989f-11e2-814e-00266cc566cb

[ System Events ]
Error - 3/29/2013 4:46:19 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:19 PM | Computer Name = Toni-PC | Source = DCOM | ID = 10005
Description =

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = DCOM | ID = 10005
Description =

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:46:20 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/29/2013 4:51:56 PM | Computer Name = Toni-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.


< End of report >
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 3/31/2013 10:11 AM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
"I felt that you may want to look at the newest Combofix and OTL reports "
 
 
 
 
I've checked them and they looks clean to me, I also suppose  your computer is running fine now  ?


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Beauty
New Member


Date Joined Jun 2009
Total Posts : 28
 
   Posted 3/31/2013 5:17 PM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Hello Touch

That's great it's virus free. Yes my computer is running better.

Your help has been very much appreciated.by me. :-)


Thank you

Beauty
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 4/1/2013 10:11 AM (GMT +3)    Quote: I think it's a virusAlert an admin about: I think it's a virus
Always a pleasure          smile
 
 
 
 
 
I´ll Lock this topic, if you need it reopened, please PM me.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 
New Topic Locked Topic Printable version of : I think it's a virus
 
Forum Information
Currently it is Tuesday, September 02, 2014 12:01 AM (GMT +3)
There are a total of 60,585 posts in 13,313 threads.
In the last 3 days there were 1 new threads and 5 reply posts. View Active Threads
Who's Online
This forum has 36299 registered members. Please welcome our newest member, Mercedes Ripple.
2 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Bullguard Backup: 3 GB of files are "missing" but freespace calcuation seems to think they (3)8/31/2014 11:20:08 PM (Robert Mateescu)
Blocking of sites (5)8/31/2014 6:53:45 PM (Robert Mateescu)
Bullguard 2014 Firewall and high DPC latency (15)8/30/2014 12:06:05 PM (ComFox)