
Popups after boot > Run DLL Error > There was a problem starti


volsherdeers

Hi volsherdeers,

 

Welcome to the pit.

 

Your computer appears to have been infected by a backdoor rootkit. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection might be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response. You need to seriously consider this.

 

 

If you want to try to clean it... then let me know. I should also tell you that I do not have access to a Windows 8 system so I will be "flying blind" here a little bit. Also, many of the tools I normally use are not available for Windows 8. This should give you pause and seriously consider again if you should do a reformat and reinstall.

 

If you want to go ahead... then let's try this first:

 

Download the latest version of TDSSKiller from here and save it to your Desktop. Because this rootkit sometimes blocks this program from running... I need you to save the program as tomk.exe (or at least rename it before attempting to run)

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


A report will be created in your root directory, (usually C: folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

 


Hey Tomk,

I'm up for the challenge. Ran TDSSKiller and this version did not have the "Cure" option. Skip, copy to quarantine, or delete were the options. I went with Quarantine! Found one object "unsigned file > service:iconman_r". Restart didn't show up so I restarted. Should I have skipped instead of quarantined? Sorry, I missed the last instruction.


The unsigned file might not be bad. Therefore no cure option was available. You might have to reinstall it out of the quarantine.

 

Let's try another tool.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

    Note: These logs can be located in the _OTL folder on your C: drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

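The point in the reply above is that a TDSSKiller "unsigned file" hit on a service is not by itself evidence of malware; the OTL log that follows lists every process, module, service and driver with the vendor name embedded in the file and its on-disk path, which is what you cross-check before trusting or quarantining anything. The script below is an added example (it is not part of this thread and is not OTL's or TDSSKiller's own code) that parses OTL-style PRC/MOD/SRV/DRV lines and maps a hit such as service:iconman_r onto the matching record. The sample lines are constructed from the log posted in this thread with the backslashes restored, and the regular expression is an assumption about the line layout seen in that log rather than a documented OTL grammar.

```python
"""Parse OTL-style log lines and triage a TDSSKiller service hit against them.

Added example, not part of the original thread. The line layout is inferred
from the log posted in the thread:
    SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
PRC and MOD lines have no [Start | State] bracket and no trailing (Name).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the thread's OTL log, backslashes restored.
# A raw string is required because "\U" would otherwise be read as an escape.
SAMPLE_LOG = r"""
PRC - [2013/03/27 16:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
SRV:64bit: - [2012/07/25 23:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/13 20:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
DRV:64bit: - [2012/08/14 21:39:30 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
"""

# Assumed layout of one OTL record (see module docstring). Group names follow
# the fields visible in the log; the path is matched lazily so that the optional
# trailing " -- (Name)" is split off correctly even when the path has spaces.
OTL_LINE = re.compile(
    r"^(?P<kind>SRV|DRV|PRC|MOD)(?P<arch>:64bit:)?\s+-\s+"
    r"\[(?P<date>[\d/]+ [\d:]+)\s+\|\s+(?P<size>[\d,]+)\s+\|\s+(?P<attrs>[^|]+?)\s+\|\s+(?P<flag>\w)\]\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?:\[(?P<mode>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<name>[^)]+)\))?$"
)


@dataclass
class OtlRecord:
    kind: str            # PRC, MOD, SRV or DRV
    is_64bit: bool       # True for the ":64bit:" marked lines
    company: str         # vendor string OTL read from the file; "" when none
    mode: Optional[str]  # e.g. "Auto | Running" or "Kernel | On_Demand | Stopped"
    path: str
    name: Optional[str]  # service/driver registry name, None for PRC/MOD lines

    @property
    def no_company_name(self) -> bool:
        # OTL prints "()" when the file carries no company name. That is exactly
        # what a TDSSKiller "unsigned file" hit means: unknown provenance, not proof of malice.
        return self.company.strip() == ""


def parse_otl(text: str) -> List[OtlRecord]:
    """Return one OtlRecord per line that matches the assumed layout; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        records.append(OtlRecord(
            kind=m.group("kind"),
            is_64bit=m.group("arch") is not None,
            company=m.group("company"),
            mode=m.group("mode"),
            path=m.group("path"),
            name=m.group("name"),
        ))
    return records


def find_service(records: List[OtlRecord], service_name: str) -> Optional[OtlRecord]:
    """Case-insensitive lookup by registry name (TDSSKiller lower-cases names such as iconman_r)."""
    wanted = service_name.lower()
    for r in records:
        if r.name and r.name.lower() == wanted:
            return r
    return None


def triage_tdsskiller_hit(records: List[OtlRecord], hit: str) -> str:
    """Map a TDSSKiller hit like 'service:iconman_r' onto the OTL record and summarise it."""
    _kind, _, name = hit.partition(":")
    rec = find_service(records, name)
    if rec is None:
        return f"unknown: no service named '{name}' in the OTL log"
    if rec.no_company_name:
        return f"no vendor on file: {rec.path} ({rec.mode})"
    return f"vendor '{rec.company}' on file: {rec.path} ({rec.mode})"


if __name__ == "__main__":
    recs = parse_otl(SAMPLE_LOG)
    print(triage_tdsskiller_hit(recs, "service:iconman_r"))
    for r in recs:
        if r.no_company_name:
            print("review manually (no company name):", r.path)
```

For the hit in this thread the lookup lands on Realtek's card-reader service, which is why the helper says the quarantined file might not be bad; the modules with an empty "()" company field are the ones worth a closer look, and nothing here decides for you, it only tells you where to look.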

OTL.txt

 

OTL logfile created on: 3/27/2013 4:57:43 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersGaryDesktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16484)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.59 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 70.17% Memory free

7.22 Gb Paging File | 6.03 Gb Available in Paging File | 83.61% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 455.52 Gb Total Space | 366.78 Gb Free Space | 80.52% Space Free | Partition Type: NTFS

 

Computer Name: HUBBARD | User Name: Gary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/03/27 16:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersGaryDesktopOTL.exe

PRC - [2012/11/15 17:49:18 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:Program Files (x86)PC CheckupSymcPCCULaunchSvc.exe

PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe

PRC - [2012/08/18 22:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:Program Files (x86)Norton Anti-TheftEngine1.6.0.17ccSvcHst.exe

PRC - [2012/07/23 14:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:Program Files (x86)Norton PC CheckupEngine2.0.18.15ccSvcHst.exe

PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:Program Files (x86)MicrosoftBingBar7.1.391.0SeaPort.EXE

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll

MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2012/12/06 00:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:WindowsSysNativeTimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2012/12/06 00:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:WindowsSysNativeSystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativespooldriversx643PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/11/06 00:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WindowsSysNativeAudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2012/09/20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeWSService.dll -- (WSService)

SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativefhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/09/20 02:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WindowsSysNativebisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012/08/13 22:14:02 | 000,289,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:Program FilesToshibaTecoTecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2012/08/08 13:46:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:WindowsSysNativeatiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/07/28 12:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:Program FilesToshibaTPHMTPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2012/07/27 17:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:Program FilesToshibaTOSHIBA Service StationTMachInfo.exe -- (TMachInfo)

SRV:64bit: - [2012/07/25 23:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesWindows DefenderMsMpEng.exe -- (WinDefend)

SRV:64bit: - [2012/07/25 23:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:WindowsSysNativewlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativewiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WindowsSysNativewcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativevaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativesvsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 23:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:WindowsSysNativenetprofmsvc.dll -- (netprofm)

SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativenetlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeNcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeNcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 23:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WindowsSysNativelsm.dll -- (LSM)

SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativekeyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeefssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 23:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeDeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WindowsSysNativedas.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeAUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeicsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesZuneZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesZuneWMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesZuneZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:WindowsSysNativeTODDSrv.exe -- (TODDSrv)

SRV - [2012/11/15 17:49:18 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:Program Files (x86)PC CheckupSymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Windowssystem32spoolDRIVERSx643PrintConfig.dll -- (PrintNotify)

SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2012/08/18 22:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:Program Files (x86)Norton Anti-TheftEngine1.6.0.17ccSvcHst.exe -- (NAT)

SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysWOW64StorSvc.dll -- (StorSvc)

SRV - [2012/07/23 14:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:Program Files (x86)Norton PC CheckupEngine2.0.18.15ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2012/07/13 20:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:Program Files (x86)RealtekRealtek USB 2.0 Card ReaderRIconMan.exe -- (IconMan_R)

SRV - [2012/07/11 11:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe -- (NOBU)

SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:Program Files (x86)MicrosoftBingBar7.1.391.0SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:Program Files (x86)MicrosoftBingBar7.1.391.0BBSvc.EXE -- (BBSvc)

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)WildTangent GamesAppGamesAppService.exe -- (GamesAppService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/11/27 03:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriverssdbus.sys -- (sdbus)

DRV:64bit: - [2012/11/26 23:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversBthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversBthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDrivershidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/06 03:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversUSBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2012/11/06 03:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriverspdc.sys -- (pdc)

DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversfxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversrdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriverssdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:WindowsSysNativeDriversdam.sys -- (dam)

DRV:64bit: - [2012/10/10 23:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversserscan.sys -- (StillCam)

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversusbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/20 03:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversUSBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2012/09/20 03:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversUCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012/09/20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversmsgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012/09/20 03:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversmsgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversevbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversbxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/09/20 03:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriverstpm.sys -- (TPM)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversGEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/14 21:39:30 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversSynTP.sys -- (SynTP)

DRV:64bit: - [2012/08/14 01:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversrtwlane.sys -- (RTWlanE)

DRV:64bit: - [2012/08/14 01:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversrtwlane.sys -- (RTL8192Ce)

DRV:64bit: - [2012/08/08 15:03:34 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversatikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/08/08 12:48:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversatikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/08/06 22:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:WindowsSysNativeDriversNATx640106000.011ccSetx64.sys -- (ccSet_NAT)

DRV:64bit: - [2012/07/31 15:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversThotkey.sys -- (Thotkey)

DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:windowsSysNativedriversfs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriverscondrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversVSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversVerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversuaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversacpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 01:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversspaceport.sys -- (spaceport)

DRV:64bit: - [2012/07/26 01:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversstorahci.sys -- (storahci)

DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversmvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversstexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriverslsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriverslsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversHpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversEhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversEhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversamdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDrivers3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversamdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:WindowsSysNativeDriversamdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversclfs.sys -- (CLFS)

DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriverswfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversvpci.sys -- (vpci)

DRV:64bit: - [2012/07/26 00:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:WindowsSysNativeDriversWdFilter.sys -- (WdFilter)

DRV:64bit: - [2012/07/26 00:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversWdBoot.sys -- (WdBoot)

DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversterminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversmshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativeDriversBasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversHyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativeDriversBasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversvmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriverskdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversacpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativeDriversnpsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversWpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversacpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDrivershyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversSerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversSpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversTsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversbthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversdmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversTsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriverswpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversNdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDriversmslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativeDriversNdu.sys -- (Ndu)

DRV:64bit: - [2012/07/25 19:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversTVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriverstdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2012/07/21 18:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativeDriversTVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2012/07/17 11:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversAtihdW86.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/07/10 19:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversFwLnk.sys -- (FwLnk)

DRV:64bit: - [2012/06/23 09:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativeDriversappexDrv.sys -- (APXACC)

DRV:64bit: - [2012/06/19 09:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversusbfilter.sys -- (usbfilter)

DRV:64bit: - [2012/06/18 13:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDriverstos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2012/06/15 16:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversRtsUVStor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDriversRt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/05/25 20:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:WindowsSysNativeDriversNARAx640401000.00BccSetx64.sys -- (ccSet_NARA)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://toshiba13.msn.com

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://mystart.toshiba.com [binary data]

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://toshiba13.msn.com

IE:64bit: - HKLM..SearchScopes,DefaultScope = {08198AE5-80F1-45AE-A057-503016D08E47}

IE:64bit: - HKLM..SearchScopes{08198AE5-80F1-45AE-A057-503016D08E47}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://toshiba13.msn.com

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://mystart.toshiba.com [binary data]

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://toshiba13.msn.com

IE - HKLM..SearchScopes,DefaultScope = {08198AE5-80F1-45AE-A057-503016D08E47}

IE - HKLM..SearchScopes{08198AE5-80F1-45AE-A057-503016D08E47}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://toshiba13.msn.com

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://comcast.net/

IE - HKCU..SearchScopes,DefaultScope = {08198AE5-80F1-45AE-A057-503016D08E47}

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.17.2: C:windowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.17.2: C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=16.4.3503.0728: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered0NP_wtapp.dll ()

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKCU..\Run: [premlm] "C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\premlm.dll",Method_Self File not found

O4 - HKCU..\Run: [secmg] "C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\secmg.dll",Long_FromDouble File not found

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableCursorSuppression = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000004 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000005 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000006 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000007 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000008 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000009 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O10 - Protocol_Catalog9Catalog_Entries000000000010 - C:Program Files (x86)BonjourmdnsNSP.dll File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5E87695-2343-466C-B5C8-70D9F2A2D532}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{12eeccba-573f-11e2-be72-00266c2b5fa7}\Shell - "" = AutoRun

O33 - MountPoints2\{12eeccba-573f-11e2-be72-00266c2b5fa7}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/03/27 16:54:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersGaryDesktopOTL.exe

[2013/03/27 14:36:28 | 000,000,000 | ---D | C] -- C:TDSSKiller_Quarantine

[2013/03/27 14:23:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:UsersGaryDesktoptomk.exe

[2013/03/27 10:00:55 | 000,000,000 | ---D | C] -- C:HJT

[2013/03/27 09:25:33 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2013/03/27 09:25:33 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2013/03/26 23:23:59 | 000,000,000 | ---D | C] -- C:ProgramDataSymantec

[2013/03/26 23:19:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:windowsSysWow64javaws.exe

[2013/03/26 23:18:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:windowsSysWow64javaw.exe

[2013/03/26 23:18:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:windowsSysWow64java.exe

[2013/03/26 23:18:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:windowsSysWow64WindowsAccessBridge-32.dll

[2013/03/26 23:18:44 | 000,000,000 | ---D | C] -- C:Program Files (x86)Java

[2013/03/26 23:08:20 | 000,000,000 | ---D | C] -- C:ProgramDataBook Place

[2013/03/26 23:07:57 | 000,000,000 | ---D | C] -- C:UsersGaryDocumentsBook Place

[2013/03/26 23:07:57 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataRoamingBook Place

[2013/03/26 22:54:49 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataRoamingMalwarebytes

[2013/03/26 22:54:28 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2013/03/26 22:54:28 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2013/03/26 22:54:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:windowsSysNativedriversmbam.sys

[2013/03/26 22:54:26 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2013/03/26 22:52:34 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

[2013/03/26 22:52:33 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2013/03/03 14:26:24 | 000,000,000 | ---D | C] -- C:ProgramData5A22B7AC96E51C7000005A225D8E2057

[2013/03/02 11:02:32 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataLocalCrashDumps

[2013/02/26 19:51:34 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft

[2013/02/26 19:51:28 | 000,000,000 | ---D | C] -- C:ProgramDataVisan

[2013/02/26 19:51:28 | 000,000,000 | ---D | C] -- C:ProgramDataHP Photo Creations

[2013/02/26 19:51:28 | 000,000,000 | ---D | C] -- C:Program Files (x86)HP Photo Creations

[2013/02/26 19:51:17 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataRoamingHpUpdate

[2013/02/26 19:51:07 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:windowsSysNativeHPDiscoPMB011.dll

[2013/02/26 19:51:04 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsHP

[2013/02/26 19:50:40 | 000,000,000 | ---D | C] -- C:ProgramDataHP

[2013/02/26 19:50:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)HP

[2013/02/26 19:50:39 | 000,000,000 | ---D | C] -- C:Program FilesHP

[2013/02/26 19:43:25 | 000,000,000 | ---D | C] -- C:UsersGaryAppDataLocalHP

 

========== Files - Modified Within 30 Days ==========

 

[2013/03/27 16:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersGaryDesktopOTL.exe

[2013/03/27 16:52:32 | 000,067,584 | --S- | M] () -- C:windowsbootstat.dat

[2013/03/27 14:42:35 | 000,848,056 | ---- | M] () -- C:windowsSysNativePerfStringBackup.INI

[2013/03/27 14:42:35 | 000,719,418 | ---- | M] () -- C:windowsSysNativeperfh009.dat

[2013/03/27 14:42:35 | 000,132,748 | ---- | M] () -- C:windowsSysNativeperfc009.dat

[2013/03/27 14:37:53 | 268,435,456 | -HS- | M] () -- C:swapfile.sys

[2013/03/27 14:37:49 | 3085,541,376 | -HS- | M] () -- C:hiberfil.sys

[2013/03/27 14:28:44 | 637,730,684 | ---- | M] () -- C:windowsMEMORY.DMP

[2013/03/27 14:23:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersGaryDesktoptomk.exe

[2013/03/26 23:33:46 | 000,002,300 | ---- | M] () -- C:UsersGaryDocumentscc_20130326_233343.reg

[2013/03/26 23:33:12 | 000,006,500 | ---- | M] () -- C:UsersGaryDocumentscc_20130326_233308.reg

[2013/03/26 23:32:42 | 000,033,442 | ---- | M] () -- C:UsersGaryDocumentscc_20130326_233237.reg

[2013/03/26 23:18:46 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64WindowsAccessBridge-32.dll

[2013/03/26 23:18:45 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64npDeployJava1.dll

[2013/03/26 23:18:45 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64deployJava1.dll

[2013/03/26 23:18:45 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64javaws.exe

[2013/03/26 23:18:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64javaw.exe

[2013/03/26 23:18:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:windowsSysWow64java.exe

[2013/03/26 23:06:08 | 002,069,176 | ---- | M] () -- C:windowsSysNativedriversNISx641403000.024Cat.DB

[2013/03/26 23:02:37 | 000,006,527 | ---- | M] () -- C:UsersGaryAppDataLocal6dd14568-ca76-4b7d-a973-022178b41b24.crx

[2013/02/26 19:51:29 | 000,002,002 | ---- | M] () -- C:UsersPublicDesktopHP Photo Creations.lnk

[2013/02/26 19:51:06 | 000,002,223 | ---- | M] () -- C:UsersPublicDesktopHP Deskjet 3520 series.lnk

[2013/02/26 19:50:34 | 000,000,057 | ---- | M] () -- C:ProgramDataAment.ini

 

========== Files Created - No Company Name ==========

 

[2013/03/27 14:28:44 | 637,730,684 | ---- | C] () -- C:windowsMEMORY.DMP

[2013/03/26 23:33:45 | 000,002,300 | ---- | C] () -- C:UsersGaryDocumentscc_20130326_233343.reg

[2013/03/26 23:33:10 | 000,006,500 | ---- | C] () -- C:UsersGaryDocumentscc_20130326_233308.reg

[2013/03/26 23:32:41 | 000,033,442 | ---- | C] () -- C:UsersGaryDocumentscc_20130326_233237.reg

[2013/03/03 14:25:54 | 000,006,527 | ---- | C] () -- C:UsersGaryAppDataLocal6dd14568-ca76-4b7d-a973-022178b41b24.crx

[2013/02/26 19:51:29 | 000,002,002 | ---- | C] () -- C:UsersPublicDesktopHP Photo Creations.lnk

[2013/02/26 19:51:05 | 000,002,223 | ---- | C] () -- C:UsersPublicDesktopHP Deskjet 3520 series.lnk

[2013/02/26 19:50:34 | 000,000,057 | ---- | C] () -- C:ProgramDataAment.ini

[2013/02/23 23:07:12 | 000,003,584 | ---- | C] () -- C:UsersGaryAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/01/20 10:34:29 | 000,000,469 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.400.32.bc

[2013/01/12 21:47:53 | 000,000,376 | ---- | C] () -- C:windowsODBC.INI

[2013/01/12 21:20:55 | 000,083,968 | ---- | C] () -- C:windowsSysWow64OEMLicense.dll

[2012/08/29 06:04:08 | 000,451,072 | ---- | C] () -- C:windowsSysWow64ISSRemoveSP.exe

[2012/08/29 05:54:18 | 000,000,000 | ---- | C] () -- C:windowsativpsrm.bin

[2012/08/18 09:30:04 | 001,356,832 | ---- | C] () -- C:windowsROnce.exe

[2012/08/08 13:10:24 | 000,204,952 | ---- | C] () -- C:windowsSysWow64ativvsvl.dat

[2012/08/08 13:10:24 | 000,157,144 | ---- | C] () -- C:windowsSysWow64ativvsva.dat

[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:windowsSysWow64dssec.dat

[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:windowsSysWow64NOISE.DAT

[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:windowsbootstat.dat

[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:windowsSysWow64BWContextHandler.dll

[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:windowsmib.bin

[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:windowsSysWow64msjetoledb40.dll

[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:windowsSysWow64mlang.dat

[2012/05/10 19:35:16 | 000,029,184 | ---- | C] () -- C:windowsSysWow64kdbsdk32.dll

[2011/09/12 21:06:18 | 000,003,917 | ---- | C] () -- C:windowsSysWow64atipblag.dat

 

========== ZeroAccess Check ==========

 

[2013/03/03 14:26:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\@

[2013/03/03 14:26:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\L

[2013/03/27 08:59:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\U

[2013/03/19 20:35:09 | 000,000,804 | ---- | M] () -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\L\00000004.@

[2013/03/18 17:11:00 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini

[2013/03/18 17:11:00 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/11/06 00:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/11/06 00:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\$Recycle.Bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\n.

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/03/26 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Book Place

[2012/12/01 13:36:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PCCUStubInstaller

[2012/11/28 20:24:18 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\WinBatch

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%*.* >

[2012/07/25 23:44:30 | 000,398,156 | RHS- | M] () -- C:bootmgr

[2012/06/02 10:30:55 | 000,000,001 | -HS- | M] () -- C:BOOTNXT

[2013/03/27 14:37:49 | 3085,541,376 | -HS- | M] () -- C:hiberfil.sys

[2013/03/27 14:37:53 | 3892,314,112 | -HS- | M] () -- C:pagefile.sys

[2013/03/27 14:37:53 | 268,435,456 | -HS- | M] () -- C:swapfile.sys

[2013/03/27 14:26:22 | 000,140,702 | ---- | M] () -- C:TDSSKiller.2.8.16.0_27.03.2013_14.23.43_log.txt

[2013/03/27 14:27:00 | 000,046,460 | ---- | M] () -- C:TDSSKiller.2.8.16.0_27.03.2013_14.26.33_log.txt

[2013/03/27 14:36:43 | 000,140,542 | ---- | M] () -- C:TDSSKiller.2.8.16.0_27.03.2013_14.30.21_log.txt

 

< %systemroot%Fonts*.com >

[2012/08/01 06:06:37 | 000,026,040 | ---- | M] () -- C:windowsFontsGlobalMonospace.CompositeFont

[2012/08/01 06:06:37 | 000,026,489 | ---- | M] () -- C:windowsFontsGlobalSansSerif.CompositeFont

[2012/08/01 06:06:37 | 000,029,779 | ---- | M] () -- C:windowsFontsGlobalSerif.CompositeFont

[2012/08/01 06:06:37 | 000,043,318 | ---- | M] () -- C:windowsFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

 

< %systemroot%Fonts*.ini >

[2012/07/26 04:11:41 | 000,000,065 | ---- | M] () -- C:windowsFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

[2012/07/28 05:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:windowsWLXPGSS.SCR

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

[2012/07/26 04:11:35 | 000,000,174 | -HS- | M] () -- C:Program Files (x86)desktop.ini

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >

 

< %ALLUSERSPROFILE%Start Menu*.lnk /x >

 

< %systemroot%system32configsystemprofile*.dat /x >

 

< %systemroot%*.config >

 

< %systemroot%system32*.db >

 

< %PROGRAMFILES%Internet Explorer*.dat >

 

< %APPDATA%MicrosoftInternet ExplorerQuick Launch*.lnk /x >

[2012/12/01 10:30:48 | 000,000,223 | -HS- | M] () -- C:UsersGaryAppDataRoamingMicrosoftInternet ExplorerQuick Launchdesktop.ini

 

< %USERPROFILE%Desktop*.exe >

[2013/03/27 16:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersGaryDesktopOTL.exe

[2013/03/27 14:23:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersGaryDesktoptomk.exe

 

< %PROGRAMFILES%Common Files*.* >

 

< %systemroot%*.src >

 

< %systemroot%install*.* >

 

< %systemroot%system32DLL*.* >

 

< %systemroot%system32HelpFiles*.* >

 

< %systemroot%system32rundll*.* >

 

< %systemroot%winn32*.* >

 

< %systemroot%Java*.* >

 

< %systemroot%system32test*.* >

 

< %systemroot%system32Rundll32*.* >

 

< %systemroot%AppPatchCustom*.* >

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

 

< End of report >

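The lines in the report above that a responder reads first are the two HKCU Run entries that hand rundll32.exe a DLL which no longer exists (the source of the "RunDLL ... There was a problem starting" popup after boot), the hidden entries under the SYSTEM account's recycler listed in the ZeroAccess Check section, and the 64-bit InProcServer32 value of {5839FCA9-774D-42A1-ACDA-D6A79037F57F} that points into that recycler folder while the Wow6432Node view still names fastprox.dll. As an added example, not part of the original post and not OTL's or any vendor's code, the Python below parses those OTL line formats and flags exactly those patterns. The sample lines are copied from the report with the backslashes the forum's extraction dropped put back by hand; the restored paths, the rule names and what each rule treats as suspicious are this example's own assumptions, not anything OTL itself reports.

```python
"""Triage of the indicators in the OTL report above (added example; not the
original post's or OTL's code). SAMPLE_LOG is copied from the report with the
backslashes that the forum's extraction dropped put back; the restored paths,
the rule names and what each rule calls suspicious are assumptions made here."""
import re
from collections import Counter

# OTL file entry: [date time | size | attrs | C-or-M] (Company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# OTL O4 autorun entry: O4[:64bit:] - HIVE..\Run: [name] command
AUTORUN = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# key header and default value of a COM InProcServer32 key
INPROC_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\InProcServer32)\]")
INPROC_VAL = re.compile(r'^"" = (?P<path>\S+)')
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# ZeroAccess-style store: hidden dir under the SYSTEM recycler, hidden GAC Desktop.ini
ZA_RECYCLER = re.compile(r"\\\$Recycle\.Bin\\S-1-5-18\\\$[0-9a-f]{32}\\", re.I)
ZA_GAC = re.compile(r"\\Windows\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I)


def parse_file_entry(line):
    """Fields of an OTL file line, or None if the line is not one."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["hidden_system"] = "H" in entry["attrs"] and "S" in entry["attrs"]
    return entry


def triage(lines):
    """Return (rule, detail) findings for the lines of an OTL report."""
    findings, inproc, current_key = [], {}, None
    for raw in lines:
        line = raw.strip()
        m = AUTORUN.match(line)
        if m:
            cmd = m.group("cmd")
            # rundll32 pointed at a DLL that is gone is what produces the
            # "RunDLL - There was a problem starting ..." popup after boot
            if "rundll32" in cmd.lower() and cmd.endswith("File not found"):
                findings.append(("orphaned-rundll32-autorun",
                                 f"{m.group('hive')}..\\Run [{m.group('name')}]: {cmd}"))
            continue
        if line.startswith("[HKEY_"):
            k = INPROC_KEY.match(line)
            current_key = k.group("key") if k else None
            continue
        v = INPROC_VAL.match(line)
        if v and current_key:
            path = v.group("path")
            cm = CLSID.search(current_key)
            clsid = cm.group(0).lower() if cm else current_key.lower()
            view = "wow64" if "wow6432node" in current_key.lower() else "native"
            inproc[(clsid, view)] = path
            # a COM server that is not a .dll, or lives in the recycler, is a hijack
            if ZA_RECYCLER.search(path) or not path.lower().endswith(".dll"):
                findings.append(("com-inprocserver32-hijack", f"{current_key} -> {path}"))
            continue
        e = parse_file_entry(line)
        if e and ZA_RECYCLER.search(e["path"]) and (e["hidden_system"] or e["path"].endswith(".@")):
            findings.append(("zeroaccess-recycler-store", e["path"]))
        elif e and ZA_GAC.search(e["path"]) and e["hidden_system"]:
            findings.append(("zeroaccess-gac-desktop-ini", e["path"]))
    # both registry views of one CLSID should name the same server; in the report
    # only the 64-bit view was rewritten, the WOW64 view still names fastprox.dll
    for (clsid, view), path in inproc.items():
        other = inproc.get((clsid, "wow64"))
        if view == "native" and other and (path.rsplit("\\", 1)[-1].lower()
                                           != other.rsplit("\\", 1)[-1].lower()):
            findings.append(("com-view-mismatch", f"{clsid}: native={path} wow64={other}"))
    return findings


def summarize(findings):
    """Number of findings per rule name."""
    return dict(Counter(rule for rule, _ in findings))


# lines copied from the OTL report above, separators restored by hand
SAMPLE_LOG = r'''
O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [premlm] "C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\premlm.dll",Method_Self File not found
O4 - HKCU..\Run: [secmg] "C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\secmg.dll",Long_FromDouble File not found
[2013/03/03 14:26:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\@
[2013/03/03 14:26:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\L
[2013/03/27 08:59:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\U
[2013/03/19 20:35:09 | 000,000,804 | ---- | M] () -- C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\L\00000004.@
[2013/03/18 17:11:00 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/03/18 17:11:00 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\n.
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
'''

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:28s} {detail}")
```

Run against the sample it reports two orphaned rundll32 autoruns, four recycler entries, both GAC Desktop.ini files, one InProcServer32 value that is not a DLL, and one CLSID whose 64-bit and WOW64 views disagree; the HP autorun and the untouched shell32/wbemess registrations produce nothing. The view comparison is the check worth keeping in mind for any COM hijack on a 64-bit box: the WOW64 registration is usually left alone, so it still tells you what the legitimate server was.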

OTL Extras logfile created on: 3/27/2013 4:57:43 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersGaryDesktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16484)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.59 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 70.17% Memory free

7.22 Gb Paging File | 6.03 Gb Available in Paging File | 83.61% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 455.52 Gb Total Space | 366.78 Gb Free Space | 80.52% Space Free | Partition Type: NTFS

 

Computer Name: HUBBARD | User Name: Gary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.html[@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:windowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:windowsSysWow64control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Applicationsiexplore.exe [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:Program FilesInternet Exploreriexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Applicationsiexplore.exe [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== Firewall Settings ==========

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}" = HP Deskjet 3520 series Product Improvement Study

"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}" = AMD Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8E7CCFB3-4102-6A32-8C4F-202B7AB7C8E3}" = AMD Accelerated Video Transcoding

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A071E5FE-C9BA-0DCB-8722-8500004F9304}" = ccc-utility64

"{A0A03B53-927D-4454-A456-CB0A72A4912F}" = HP Deskjet 3520 series Basic Device Software

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}" = TOSHIBA Audio Enhancement

"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64

"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER

"CCleaner" = CCleaner

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Zune" = Zune

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings

"{07BCE548-3F4B-7755-56DA-D48ABEA1C495}" = CCC Help Swedish

"{0B807A4C-9C30-813D-A0CA-EAB53CAFE2A5}" = CCC Help Russian

"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform

"{158A29A7-EDBD-F732-FA4F-966D77F54863}" = CCC Help German

"{162851FA-B8FC-2DBF-0AB1-432EDFB9E311}" = CCC Help Chinese Standard

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver

"{1EC5E39E-ECEE-2433-5F9C-F6BB5D81E0F3}" = CCC Help Dutch

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24B45620-22B6-4E4A-B836-FF30A0B0404E}" = Toshiba Book Place

"{24D38277-CE6E-4E12-A2EE-F46832A4FA2F}" = Catalyst Control Center - Branding

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{27097D4A-8146-4B79-D157-4871F5AFBBA2}" = CCC Help Norwegian

"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform

"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide

"{3C66507C-38BA-F30D-8193-49ACC455AC20}" = CCC Help Spanish

"{3DD893E2-ED51-EBEF-A8EC-AC0EFBA6F124}" = CCC Help Italian

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker

"{44BF2578-5228-88C6-DB9E-F55F6CB7DF05}" = CCC Help Turkish

"{450E48EF-A565-5D5F-05F2-695C2AEEBFFB}" = CCC Help Greek

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials

"{4780F387-6962-2A7A-2816-9F5DCD50B350}" = CCC Help French

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE

"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions

"{59776556-45C9-0D23-5C4E-734C5E5FC2F3}" = CCC Help Korean

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration

"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common

"{5DAF0789-3F9E-3529-2147-8BAABD8E1C70}" = CCC Help Japanese

"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery

"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common

"{685202C9-9DA0-9AEA-51C8-7A700CFCB175}" = CCC Help Thai

"{69AE8CC0-E854-5E39-39AB-222D0AE00135}" = CCC Help Polish

"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80D9BC7B-00CA-F1EB-C077-E66B3D0A21DC}" = Catalyst Control Center Localization All

"{86372151-A7B9-BB84-9D98-0B914A55C6F1}" = CCC Help Hungarian

"{87A51331-4FB9-4A50-B08D-D3D8420F068A}" = TurboTax 2012 wtniper

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{88BDB715-7ABF-5A56-F383-FF9CBB6E1390}" = CCC Help English

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office

"{95A78205-B06E-0126-3D96-13D40E89E9F8}" = CCC Help Danish

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{998042A4-4186-9410-B434-03292C6FD4EE}" = CCC Help Portuguese

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9FAF2E78-2830-308F-DFFB-7BEB546538A9}" = AMD VISION Engine Control Center

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide

"{B1786E63-2127-42C9-95A3-146E5F727BF1}" = TOSHIBA Password Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform

"{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}" = HP Deskjet 3520 series Help

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{D5465517-574A-0325-2248-A9F3C48452B6}" = CCC Help Chinese Traditional

"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker

"{D83D5480-00CF-9FC9-95CF-60F5E92D8735}" = CCC Help Finnish

"{DA6C22A8-64CD-9374-A5F4-E2A3994A6327}" = Catalyst Control Center Graphics Previews Common

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{EA6358BC-1DDA-882D-8642-15DBC063192C}" = CCC Help Czech

"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"FrostWire 5" = FrostWire 5.5.0

"HP Photo Creations" = HP Photo Creations

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"NARA" = Norton Online Backup ARA

"NAT" = Norton Anti-Theft

"Norton PC Checkup_is1" = Norton PC Checkup

"NortonPCCheckup" = Norton PC Checkup

"NortonSD" = Norton Security Dashboard

"Origin" = Origin

"TurboTax 2012" = TurboTax 2012

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-3a489151-2ad0-4f81-a48f-22adb2ffe346" = FATE

"WTA-4fa4c78d-d8ea-4234-9958-0dfbfcc7621d" = Virtual Villagers 4 - The Tree of Life

"WTA-802226c2-e080-4b18-a292-80288acf25a3" = Polar Bowler

"WTA-87d744a9-9a0d-43b5-bee5-37a342bdbc92" = Penguins!

"WTA-8979d793-8539-4bf7-888f-ae7f4d13f81f" = Farmscapes

"WTA-91bad321-12ce-4705-b7f3-bcf4e298ea0d" = Plants vs. Zombies - Game of the Year

"WTA-e59e1248-f05c-4f57-8f97-bfb623818455" = Bejeweled 3

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 3/7/2013 7:33:24 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x009a0028 Faulting process id: 0x1268 Faulting application start time: 0x01ce1b8c29a0ecb6 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 67550047-877f-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:34:25 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00ed0028 Faulting process id: 0xa80 Faulting application start time: 0x01ce1b8c4daa2c9d Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 8b6393cf-877f-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:35:25 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00870028 Faulting process id: 0x11a0 Faulting application start time: 0x01ce1b8c71b9cf82 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: af6f6a5f-877f-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:36:26 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00480028 Faulting process id: 0xbc8 Faulting application start time: 0x01ce1b8c95b22758 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: d36886d8-877f-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:37:26 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00760028 Faulting process id: 0x13d0 Faulting application start time: 0x01ce1b8cb9be3d99 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: f773da11-877f-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:38:27 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00d30028 Faulting process id: 0xa70 Faulting application start time: 0x01ce1b8cddb798f1 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 1b6df183-8780-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:39:27 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00810028 Faulting process id: 0x12fc Faulting application start time: 0x01ce1b8d01bf9cc3 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 3f73acfb-8780-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:40:27 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00560028 Faulting process id: 0x10f0 Faulting application start time: 0x01ce1b8d25c69376 Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 637aa762-8780-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:41:28 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00150028 Faulting process id: 0x13cc Faulting application start time: 0x01ce1b8d49c0626d Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 87784696-8780-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

Error - 3/7/2013 7:42:28 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00490028 Faulting process id: 0x1210 Faulting application start time: 0x01ce1b8d6dc264df Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: ab75b627-8780-11e2-be79-00266c2b5fa7 Faulting package full name: Faulting package-relative application ID:

 

[ System Events ]

Error - 3/18/2013 5:07:56 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:00 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:01 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:02 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:08 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:09 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:16 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:08:35 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:09:05 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

Error - 3/18/2013 5:09:15 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010

Description =

 

 

< End of report >

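The Application Error entries in the log above all have one shape: the 32-bit svchost.exe dies once a minute with an access violation (0xc0000005) and "Faulting module name: unknown", meaning the faulting instruction sat in memory that no loaded module owns, which is consistent with a crash inside injected code rather than in svchost.exe itself. The script below is an added example for this page, not part of the original post and not OTL's code; it parses OTL's "Last 20 Event Log Errors" section, reassembles the wrapped Description text, and flags exactly that pattern. SAMPLE_LOG is constructed from the records above; the iexplore.exe record, the DCOM record and the repeat/interval thresholds are invented for contrast.

```python
"""Triage of the 'Last 20 Event Log Errors' section of an OTL log.

Added example, not part of the thread and not OTL's code. Flags one image
crashing repeatedly with an access violation and no faulting module (the
crashing address belongs to no loaded module, the usual sign of injected
code). SAMPLE_LOG is constructed from the page's log; the iexplore.exe and
DCOM records are invented as benign contrast.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = r"""
Error - 3/7/2013 7:33:24 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005
Fault offset: 0x009a0028 Faulting process id: 0x1268 Faulting application start time: 0x01ce1b8c29a0ecb6
Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown
Report Id: 67550047-877f-11e2-be79-00266c2b5fa7

Error - 3/7/2013 7:34:25 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005
Fault offset: 0x00ed0028 Faulting process id: 0xa80 Faulting application start time: 0x01ce1b8c4daa2c9d
Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown
Report Id: 8b6393cf-877f-11e2-be79-00266c2b5fa7

Error - 3/7/2013 7:35:25 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005
Fault offset: 0x00870028 Faulting process id: 0x11a0 Faulting application start time: 0x01ce1b8c71b9cf82
Faulting application path: C:\windows\SysWOW64\svchost.exe Faulting module path: unknown
Report Id: af6f6a5f-877f-11e2-be79-00266c2b5fa7

Error - 3/7/2013 8:02:10 PM | Computer Name = Hubbard | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 10.0.9200.16521, time stamp: 0x5110f1c1
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405 Exception code: 0xc0000374
Fault offset: 0x000e9e1d Faulting process id: 0x1f40 Faulting application start time: 0x01ce1b90aa11c2d3
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll

Error - 3/18/2013 5:07:56 PM | Computer Name = Hubbard | Source = DCOM | ID = 10010
Description =
"""

HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
FIELDS = {  # extracted from the reassembled Description text
    "app": r"Faulting application name: (\S+?),",
    "module": r"Faulting module name: (\S+?),",
    "code": r"Exception code: (0x[0-9a-fA-F]+)",
    "offset": r"Fault offset: (0x[0-9a-fA-F]+)",
    "path": r"Faulting application path: (.*?) Faulting module path:",
}
ACCESS_VIOLATION = "0xc0000005"


def parse_events(text):
    """Split OTL output into events; OTL wraps each Description over several lines."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            cur = {"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                   "host": m["host"], "src": m["src"], "id": int(m["id"]), "desc": []}
            events.append(cur)
        elif cur is not None and line:
            cur["desc"].append(line)
    for ev in events:
        ev["desc"] = " ".join(ev["desc"])
    return events


def app_error_fields(desc):
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, desc)
        out[key] = m.group(1) if m else None
    return out


def triage(text, min_repeats=3, max_gap_s=120):
    """Crash series for one image: every crash an access violation in memory owned
    by no module, at least min_repeats of them, never more than max_gap_s apart."""
    series = defaultdict(list)
    for ev in parse_events(text):
        if ev["id"] != 1000 or ev["src"] != "Application Error":
            continue
        f = app_error_fields(ev["desc"])
        if f["module"] == "unknown" and (f["code"] or "").lower() == ACCESS_VIOLATION:
            series[f["path"] or f["app"]].append((ev["ts"], f["offset"] or ""))
    findings = []
    for path, hits in series.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        if len(hits) >= min_repeats and all(g <= max_gap_s for g in gaps):
            findings.append({
                "path": path, "count": len(hits), "first": hits[0][0], "last": hits[-1][0],
                # identical low bits under different bases: one code body mapped at varying addresses
                "offset_low_bits": sorted({off[-4:] for _, off in hits if off}),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['path']}: {f['count']} crashes {f['first']:%H:%M:%S}-{f['last']:%H:%M:%S}, "
              f"module=unknown, fault offsets end in {f['offset_low_bits']}")
```

Run against the page's full list the same way: all ten records land in one series, one minute apart, and every fault offset ends in 0028, which is the kind of regularity a single injected payload produces and a genuine svchost bug does not.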

Double click on OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Processes
:Files
C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

[*]Do Not copy the word CODE

[*]please note the fix starts with the :

[*]Then click the Run Fix button at the top

[*]Let the program run unhindered

[*]Please save the resulting log to be posted in your next reply.

[*]Reboot your computer

Please post the OTL log.


All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\U folder moved successfully.

C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\L folder moved successfully.

C:\$Recycle.bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56 folder moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gary

->Temp folder emptied: 26008670 bytes

->Temporary Internet Files folder emptied: 14697925 bytes

->Java cache emptied: 55559 bytes

->Flash cache emptied: 506 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33157286 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 655482 bytes

RecycleBin emptied: 1405851 bytes

 

Total Files Cleaned = 72.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03272013_193645

 

Files\Folders moved on Reboot...

C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...



[*]Download RogueKiller and save it on your desktop.

[*]Quit all programs

[*]Start RogueKiller.exe.

[*]Wait until Prescan has finished ...

[*]Click on Scan

[*]Wait for the end of the scan.

[*]The report has been created on the desktop.

[*]Click on the Delete button.

[*]The report has been created on the desktop.

[*]Next click on the ShortcutsFix


[*]The report has been created on the desktop.

[*]Please post: All RKreport.txt text files located on your desktop.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Scan -- Date : 03/27/2013 19:57:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : premlm ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\premlm.dll",Method_Self) [-] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : secmg ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\secmg.dll",Long_FromDouble) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-915444856-489808721-1271189938-1001\[...]\Run : premlm ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\premlm.dll",Method_Self) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-915444856-489808721-1271189938-1001\[...]\Run : secmg ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\secmg.dll",Long_FromDouble) [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03272013_02d1957.txt >>
RKreport[1]_S_03272013_02d1957.txt

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Remove -- Date : 03/27/2013 19:59:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : premlm ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\premlm.dll",Method_Self) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : secmg ("C:\Windows\System32\rundll32.exe" "C:\Users\Gary\AppData\Roaming\secmg.dll",Long_FromDouble) [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6fdc4f108b786182ba5328d5ec3ede56\n.) [x] -> REPLACED (C:\windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-915444856-489808721-1271189938-1001\$6fdc4f108b786182ba5328d5ec3ede56\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03272013_02d1959.txt >>
RKreport[1]_S_03272013_02d1957.txt ; RKreport[2]_D_03272013_02d1959.txt

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/27/2013 20:03:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 88 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 300 / Fail 0
My documents: Success 30 / Fail 30
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2714 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 24 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3]_SC_03272013_02d2003.txt >>
RKreport[1]_S_03272013_02d1957.txt ; RKreport[2]_D_03272013_02d1959.txt ; RKreport[3]_SC_03272013_02d2003.txt


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Gary [Admin rights]

Mode : Scan -- Date : 03/27/2013 21:32:46

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_03272013_02d2132.txt >>

RKreport[1]_S_03272013_02d2132.txt

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Gary [Admin rights]

Mode : Remove -- Date : 03/27/2013 21:36:55

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2]_D_03272013_02d2136.txt >>

RKreport[1]_S_03272013_02d2132.txt ; RKreport[2]_D_03272013_02d2136.txt

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Gary [Admin rights]

Mode : Shortcuts HJfix -- Date : 03/27/2013 21:39:18

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 0 / Fail 0

Quick launch: Success 0 / Fail 0

Programs: Success 0 / Fail 0

Start menu: Success 0 / Fail 0

User folder: Success 25 / Fail 0

My documents: Success 0 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 0 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 1 / Fail 0

Backup: [NOT FOUND]

 

Drives:

[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored

[D:] \Device\CdRom0 -- 0x5 --> Skipped

 

Finished : << RKreport[3]_SC_03272013_02d2139.txt >>

RKreport[1]_S_03272013_02d2132.txt ; RKreport[2]_D_03272013_02d2136.txt ; RKreport[3]_SC_03272013_02d2139.txt


Farbar Service Scanner Version: 03-03-2013

Ran by Gary (administrator) on 27-03-2013 at 21:53:10

Running from "C:\Users\Gary\Desktop"

Windows 8 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv0000 registry key. The key does not exist.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

 

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

 

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

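The conditions the Farbar log above flags (a service key or Start value missing, WinDefend set to Demand instead of Auto, DisableAntiSpyware set to 1) can be re-checked after repair with the following PowerShell audit. It is an example added for this page, not part of the thread or of Farbar Service Scanner; the expected start types other than WinDefend's, and the Policies\Microsoft\Windows Defender location, are assumptions.

```powershell
# Added example (not part of the thread or of Farbar Service Scanner): re-checks
# the conditions the FSS log flags. Expected start types: WinDefend = Auto (2) is
# stated in the log; the others are assumed typical Windows 8 defaults.
# Run from an elevated PowerShell prompt.
$expected = @{
    'WinDefend'    = 2   # Automatic (log: "The default start type is Auto")
    'MpsSvc'       = 2   # Windows Firewall, assumed default
    'bfe'          = 2   # Base Filtering Engine, assumed default
    'SharedAccess' = 3   # Internet Connection Sharing, assumed default (Manual)
    'iphlpsvc'     = 2   # IP Helper, assumed default
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
$findings = @()

foreach ($name in $expected.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        # Same condition the log reports for iphlpsvc: "The service key does not exist"
        $findings += "ATTENTION: service key for $name does not exist"
        continue
    }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props.Start) {
        # Same condition the log reports for SharedAccess: the Start value is missing
        $findings += "ATTENTION: Start value for $name does not exist"
    } elseif ([int]$props.Start -ne $expected[$name]) {
        $findings += "Start type of $name is $($startNames[[int]$props.Start]); expected $($startNames[$expected[$name]])"
    }
    if (-not $props.ImagePath) {
        $findings += "ATTENTION: ImagePath for $name does not exist"
    }
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        $findings += "$name service is not running"
    }
}

# The log shows DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender;
# the Policies key is the Group Policy location for the same value (assumed).
$defenderKeys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
foreach ($k in $defenderKeys) {
    $v = (Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($v -eq 1) { $findings += "DisableAntiSpyware=1 under $k (Defender switched off by policy)" }
}

if ($findings) { $findings } else { 'No service or policy deviations found' }
```

A clean run after repair should report nothing; any line beginning with ATTENTION means the service registry entries are still missing and the repair did not take.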

Yeppers... you've got a bunch of borked services.

 

Let's try this tool:

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Running Repair Under System Account
Starting Repairs...
Start (3/28/2013 12:44:46 AM)

Register System Files
Start (3/28/2013 12:44:46 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:46:00 AM)

Repair WMI
Start (3/28/2013 12:46:00 AM)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (3/28/2013 12:51:31 AM)

Repair Windows Firewall
Start (3/28/2013 12:51:32 AM)
Running Repair Under Current User Account
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Running Repair Under System Account
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Done (3/28/2013 12:51:41 AM)

Repair Internet Explorer
Start (3/28/2013 12:51:41 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:52:08 AM)

Repair MDAC/MS Jet
Start (3/28/2013 12:52:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:52:33 AM)

Repair Hosts File
Start (3/28/2013 12:52:34 AM)
Running Repair Under System Account
Done (3/28/2013 12:52:36 AM)

Remove Policies Set By Infections
Start (3/28/2013 12:52:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:52:41 AM)

Repair Icons
Start (3/28/2013 12:52:41 AM)
Running Repair Under System Account
Could Not Find C:\Users\Gary\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Gary\AppData\Local\IconCache.db
Done (3/28/2013 12:52:43 AM)

Repair Winsock & DNS Cache
Start (3/28/2013 12:52:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:53:01 AM)

Repair Proxy Settings
Start (3/28/2013 12:53:01 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:53:05 AM)

Repair Windows Updates
Start (3/28/2013 12:53:05 AM)
Running Repair Under Current User Account
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (3/28/2013 12:53:36 AM)

Repair CD/DVD Missing/Not Working
Start (3/28/2013 12:53:36 AM)
Done (3/28/2013 12:53:36 AM)

Repair Volume Shadow Copy Service
Start (3/28/2013 12:53:36 AM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (3/28/2013 12:53:45 AM)

Repair MSI (Windows Installer)
Start (3/28/2013 12:53:45 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:53:54 AM)

Repair bat Association
Start (3/28/2013 12:53:54 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:53:59 AM)

Repair cmd Association
Start (3/28/2013 12:53:59 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:04 AM)

Repair com Association
Start (3/28/2013 12:54:04 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:08 AM)

Repair Directory Association
Start (3/28/2013 12:54:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:13 AM)

Repair Drive Association
Start (3/28/2013 12:54:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:18 AM)

Repair exe Association
Start (3/28/2013 12:54:18 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:23 AM)

Repair Folder Association
Start (3/28/2013 12:54:23 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:28 AM)

Repair inf Association
Start (3/28/2013 12:54:28 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:33 AM)

Repair lnk (Shortcuts) Association
Start (3/28/2013 12:54:33 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:37 AM)

Repair msc Association
Start (3/28/2013 12:54:37 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:42 AM)

Repair reg Association
Start (3/28/2013 12:54:42 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:47 AM)

Repair scr Association
Start (3/28/2013 12:54:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:52 AM)

Repair Windows Safe Mode
Start (3/28/2013 12:54:52 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:54:57 AM)

Repair Print Spooler
Start (3/28/2013 12:54:57 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:55:10 AM)

Restore Important Windows Services
Start (3/28/2013 12:55:10 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:55:15 AM)

Set Windows Services To Default Startup
Start (3/28/2013 12:55:15 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/28/2013 12:55:26 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (3/28/2013 12:55:26 AM)
Total Repair Time: 00:10:40

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account


Farbar Service Scanner Version: 03-03-2013
Ran by Gary (administrator) on 28-03-2013 at 11:43:56
Running from "C:\Users\Gary\Desktop"
Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Well... that's all that I think I can do for you so let's clean up our toys and let you be on your way.

 

Now to remove some of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it.
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

 

 

Any tools or logs remaining can just be deleted.

 


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.


I'm hoping you really want to find a good anti-virus program. You already found a good Virus program... it's what brought you here. :rofl3:

 

PCPitstop has its own program (that is what pays the bills for this site) called PCMatic.

 

As I've said, I know little about Windows 8 but I believe that most AVs are now compatible. Personally I like the free ones (because I'm cheap). I like Microsoft Security Essentials and AVAST! best. I also use Avira free. Each of those is on a different computer, of course. You only want one AV on any single system. Use one of those, couple that with Malwarebytes antimalware and be sure your firewall is on. Do that and practice safe computing and you should be fine.

 

You are welcome for the assistance.

 

Happy Easter to you and yours.

 

Good luck and be well. :adios:



Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.
