Windows Updater


  • This topic is locked
11 replies to this topic

#1 i5staniel

  • Members
  • 6 posts

Posted 22 August 2010 - 08:29 PM

CTRL, ALT, DEL, does nothing when it freezes. If running task manager when it crashes it will show "Windows Updater" for a second. The only thing I can do is hold down the power button. On start up it checks the disc. Then everything will seem fine, then it crashes again. I can not create a back up.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Puter at 20:42:07.60 on Sun 08/22/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2242 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vVX3000.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\aol\1260934181\ee\aolsoftware.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Puter\Downloads\Defogger(2).exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Puter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.wunderground.com/wundermap/?lat=29.91740036&lon=-81.33931732&zoom=10&pin=Saint%20Augustine%2c%20FL
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files (x86)\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files (x86)\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files (x86)\aol toolbar\aoltb.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files (x86)\aol toolbar\aoltb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [1618835141] c:\program files (x86)\toshiba registration\registration.exe /r "c:\program files (x86)\toshiba registration\Registration.rpd"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MoneyAgent] "c:\program files (x86)\microsoft money\system\mnyexpr.exe"
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files (x86)\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [jswtrayutil] "c:\program files (x86)\jumpstart\jswtrayutil.exe"
mRun: [LifeCam] "c:\program files (x86)\microsoft lifecam\LifeExp.exe"
mRun: [HostManager] "c:\program files (x86)\common files\aol\1260934181\ee\AOLSoftware.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\puter\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [VX3000] c:\windows\vVX3000.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\puter\appdata\roaming\mozilla\firefox\profiles\pogf8f76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://uvlink.uvu.edu/cp/home/loginf
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query=
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\puter\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\puter\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-8-20 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-8-20 250448]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-5-23 504912]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-8-20 124496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-20 432720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-20 121936]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwfx.sys [2009-5-23 26624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-20 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-20 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-8-20 119200]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 8704]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9dfb261a18d80;Google Update Service (gupdate1c9dfb261a18d80);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-28 133104]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\jumpstart\jswpsapi.exe [2009-5-23 954368]
S3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe --> c:\progra~2\mcafee\viruss~1\mcsysmon.exe [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-5-23 93184]
S4 KR10I64;KR10I64;c:\windows\system32\drivers\KR10I64.sys [2008-8-14 248320]
S4 KR10N64;KR10N64;c:\windows\system32\drivers\KR10N64.sys [2008-8-14 237568]

=============== Created Last 30 ================

2010-08-23 00:32:30 0 ----a-w- c:\users\puter\defogger_reenable
2010-08-22 22:07:31 65536 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TM.blf
2010-08-22 22:07:31 524288 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-22 22:07:31 524288 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-22 20:51:08 0 d-sh--w- C:\found.004
2010-08-22 17:10:40 0 d-sh--w- C:\found.003
2010-08-20 04:52:12 432720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-20 04:52:12 124496 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-20 04:49:29 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-20 04:49:26 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-20 04:47:38 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-20 04:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-08-20 04:47:33 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-08-20 04:20:54 65536 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TM.blf
2010-08-20 04:20:54 524288 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-20 04:20:54 524288 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 04:05:50 65536 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TM.blf
2010-08-12 04:05:50 524288 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 04:05:50 524288 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-08 17:01:39 0 d-----w- c:\programdata\WindowsSearch
2010-08-08 16:36:31 0 d-sh--w- C:\found.002
2010-08-04 05:43:46 0 d-sh--w- C:\found.001
2010-08-03 03:07:39 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-30 04:20:34 0 d-----w- c:\users\puter\appdata\roaming\Malwarebytes
2010-07-30 04:20:16 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 04:20:16 0 d-----w- c:\programdata\Malwarebytes
2010-07-30 04:20:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-08-23 00:19:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-22 22:52:58 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-22 22:52:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-22 22:52:53 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-22 22:48:50 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-08-22 22:48:50 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-08-22 22:48:03 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-06-28 16:56:48 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:17:26 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-28 16:17:07 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-28 16:15:50 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-06-28 16:14:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-28 16:14:41 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-28 16:14:41 3586560 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-28 16:14:39 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-28 16:13:52 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-28 16:13:33 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-28 16:13:33 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-28 16:13:32 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-28 16:13:32 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-28 16:13:32 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:13:31 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-11 16:09:43 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:08:18 1875456 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 15:30:23 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 17:47:14 4690832 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-03 23:22:45 22800 ----a-w- c:\users\puter\appdata\roaming\wklnhst.dat
2010-05-27 19:16:09 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2008-08-14 20:09:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-10 19:48:43 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-10 19:48:43 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-10 19:48:43 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-05-23 16:18:05 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-05-23 16:18:09 15 --sh--r- c:\windows\syswow64\drivers\fbd.sys
2009-05-23 18:46:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-23 18:46:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-23 18:46:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:43:03.72 ===============


#2 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 29 August 2010 - 02:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 i5staniel

i5staniel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 29 August 2010 - 06:26 PM

CTRL, ALT, DEL, does nothing when it freezes. If running task manager when it crashes it will show "Windows Updater" for a second. The only thing I can do is hold down the power button. On start up it checks the disc. Then everything will seem fine, then it crashes again. I can not create a backup. If I run Avast or Malwarebytes it will freeze after 30 minutes. Sometimes it will last over an hour.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Puter at 19:14:05.30 on Sun 08/29/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2004 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vVX3000.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\aol\1260934181\ee\aolsoftware.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Users\Puter\Desktop\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Puter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.wunderground.com/wundermap/?lat=29.91740036&lon=-81.33931732&zoom=10&pin=Saint%20Augustine%2c%20FL
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files (x86)\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files (x86)\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files (x86)\aol toolbar\aoltb.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files (x86)\aol toolbar\aoltb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [1618835141] c:\program files (x86)\toshiba registration\registration.exe /r "c:\program files (x86)\toshiba registration\Registration.rpd"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MoneyAgent] "c:\program files (x86)\microsoft money\system\mnyexpr.exe"
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files (x86)\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [jswtrayutil] "c:\program files (x86)\jumpstart\jswtrayutil.exe"
mRun: [LifeCam] "c:\program files (x86)\microsoft lifecam\LifeExp.exe"
mRun: [HostManager] "c:\program files (x86)\common files\aol\1260934181\ee\AOLSoftware.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\puter\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [VX3000] c:\windows\vVX3000.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\puter\appdata\roaming\mozilla\firefox\profiles\pogf8f76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://uvlink.uvu.edu/cp/home/loginf
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query=
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\puter\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\puter\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-8-20 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-8-20 250448]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-5-23 504912]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-8-20 124496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-20 432720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-20 121936]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwfx.sys [2009-5-23 26624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-20 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-20 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-8-20 119200]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-20 40384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 8704]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9dfb261a18d80;Google Update Service (gupdate1c9dfb261a18d80);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-28 133104]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\jumpstart\jswpsapi.exe [2009-5-23 954368]
S3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe --> c:\progra~2\mcafee\viruss~1\mcsysmon.exe [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-5-23 93184]
S4 KR10I64;KR10I64;c:\windows\system32\drivers\KR10I64.sys [2008-8-14 248320]
S4 KR10N64;KR10N64;c:\windows\system32\drivers\KR10N64.sys [2008-8-14 237568]

=============== Created Last 30 ================

2010-08-29 23:13:54 0 ----a-w- c:\users\puter\defogger_reenable
2010-08-25 02:59:53 0 d-sh--w- C:\found.005
2010-08-22 22:07:31 65536 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TM.blf
2010-08-22 22:07:31 524288 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-22 22:07:31 524288 --sha-w- c:\users\puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-22 20:51:08 0 d-sh--w- C:\found.004
2010-08-22 17:10:40 0 d-sh--w- C:\found.003
2010-08-20 04:52:12 432720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-20 04:52:12 124496 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-20 04:49:29 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-20 04:49:26 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-20 04:47:38 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-20 04:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-08-20 04:47:33 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-08-20 04:20:54 65536 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TM.blf
2010-08-20 04:20:54 524288 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-20 04:20:54 524288 --sha-w- c:\users\puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 04:05:50 65536 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TM.blf
2010-08-12 04:05:50 524288 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 04:05:50 524288 --sha-w- c:\users\puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2010-08-08 17:01:39 0 d-----w- c:\programdata\WindowsSearch
2010-08-08 16:36:31 0 d-sh--w- C:\found.002
2010-08-04 05:43:46 0 d-sh--w- C:\found.001
2010-08-03 03:07:39 11581440 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-08-29 23:05:25 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-08-29 23:05:25 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-08-29 23:04:43 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-08-29 23:04:43 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-22 22:52:58 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-22 22:52:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-22 22:52:53 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-28 16:56:48 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:17:26 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-28 16:17:07 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-28 16:15:50 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-06-28 16:14:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-28 16:14:41 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-28 16:14:41 3586560 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-28 16:14:39 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-28 16:13:52 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-28 16:13:33 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-28 16:13:33 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-28 16:13:32 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-28 16:13:32 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-28 16:13:32 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:13:31 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-11 16:09:43 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:08:18 1875456 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 15:30:23 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 17:47:14 4690832 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-03 23:22:45 22800 ----a-w- c:\users\puter\appdata\roaming\wklnhst.dat
2008-08-14 20:09:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-10 19:48:43 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-10 19:48:43 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-10 19:48:43 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-05-23 16:18:05 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-05-23 16:18:09 15 --sh--r- c:\windows\syswow64\drivers\fbd.sys
2009-05-23 18:46:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-23 18:46:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-23 18:46:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:15:09.84 ===============



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:19 PM

Posted 29 August 2010 - 07:45 PM

Hello,

Is freezing the only thing your machine is doing? Any redirecting or popups when using Internet Explorer?

We need to shut down Windows Defender first.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

1.
Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


2.
Download Bootkit remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

3.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

4.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

5.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Run as administrator


  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.

  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.

  • Type in sfc /scannow in the command window and press enter.

  • Note the space between the c and the /

  • If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.

  • Be patient because the scan may take some time.

  • Allow the scan to run and when completed, reboot the system.

6.
    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply:
RkuUnhooker
Bootkit Remover log
MBRcheck log
OTL.txt
Extra.txt
How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 i5staniel


Posted 30 August 2010 - 11:46 PM

Hey Fireman4it,

Thanks for your help.

Well, before it started crashing I had a black screen pop up occasionally on start up with a single box that would say AOL needs to install updates. Something looked wrong. I always X'ed out of it. I haven't seen it since it started freezing. The girlfriend may have clicked on it even though she will never admit it. I get pharmacy emails from my AOL account to my AOL account with nothing in the sent box. I figured that someone got my login info so I changed my password but it keeps happening, although less frequently. Could they be related?

Sometimes I get redirected to an AT&T browser problem successfully resolved page. It asks me to restart the browser. I can't get it to do it again right now.

Last night I left it on, and it was still on this morning. The only thing I did was to uninstall BlackBerry Desktop. It was really annoying with all the restarting I have had to do. I had it installed for about 4 months before the crashing started, so it's not new.

Here is everything you asked for:


I can't run RKUnhooker:

Error loading driver, NTSATUS code: 0x000036B


Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A305
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 157):
0x02607000 \SystemRoot\system32\ntoskrnl.exe
0x02B1F000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00638000 \SystemRoot\system32\PSHED.dll
0x0064C000 \SystemRoot\system32\CLFS.SYS
0x006A9000 \SystemRoot\system32\CI.dll
0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E9000 \SystemRoot\system32\drivers\acpi.sys
0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00948000 \SystemRoot\system32\drivers\msisadrv.sys
0x00952000 \SystemRoot\system32\drivers\pci.sys
0x00982000 \SystemRoot\System32\drivers\partmgr.sys
0x00997000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009A7000 \SystemRoot\system32\drivers\volmgr.sys
0x0075B000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BB000 \SystemRoot\System32\drivers\mountmgr.sys
0x009CE000 \SystemRoot\system32\DRIVERS\pciide.sys
0x009D5000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00A03000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B1D000 \SystemRoot\system32\drivers\atapi.sys
0x00B25000 \SystemRoot\system32\drivers\ataport.SYS
0x00B49000 \SystemRoot\system32\drivers\msahci.sys
0x00B53000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B99000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C06000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E02000 \SystemRoot\system32\drivers\ndis.sys
0x00C8D000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDD000 \SystemRoot\system32\drivers\NETIO.SYS
0x00D35000 \SystemRoot\System32\Drivers\aswNdis2.sys
0x00FC5000 \SystemRoot\system32\DRIVERS\aswNdis.sys
0x01005000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01189000 \SystemRoot\system32\drivers\volsnap.sys
0x011CD000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x00D76000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x011D2000 \SystemRoot\System32\Drivers\spldr.sys
0x011DA000 \SystemRoot\System32\Drivers\mup.sys
0x00FCC000 \SystemRoot\System32\drivers\ecache.sys
0x011EC000 \SystemRoot\system32\drivers\disk.sys
0x00BAD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DF5000 \SystemRoot\system32\drivers\crcdisk.sys
0x02120000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0212D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02136000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x0213E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02151000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0220B000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02A03000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02AE2000 \SystemRoot\System32\drivers\watchdog.sys
0x02AF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02AFD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02B43000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02B54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02B67000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02C0B000 \SystemRoot\system32\DRIVERS\athrx.sys
0x02D27000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02D39000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02D49000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x02D69000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x02D7E000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x02D95000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x02B92000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02DEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02BA8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x02DFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02997000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02C00000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x029A3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x029BF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x029CC000 \SystemRoot\system32\DRIVERS\serscan.sys
0x029D4000 \SystemRoot\system32\drivers\ksthunk.sys
0x02156000 \SystemRoot\system32\drivers\ks.sys
0x0218A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02E07000 \SystemRoot\system32\DRIVERS\storport.sys
0x02E64000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E71000 \SystemRoot\System32\Drivers\RootMdm.sys
0x02E79000 \SystemRoot\system32\drivers\modem.sys
0x02E88000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02EAB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02EB7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02EE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02EF8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02F16000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02F2E000 \SystemRoot\system32\DRIVERS\wanatw64.sys
0x02F3A000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x02F42000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02F54000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02F56000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02F61000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02F71000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02FB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04401000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04555000 \SystemRoot\system32\drivers\portcls.sys
0x04590000 \SystemRoot\system32\drivers\drmk.sys
0x04002000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0413E000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x041AC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x041B6000 \SystemRoot\System32\Drivers\Null.SYS
0x041BF000 \SystemRoot\System32\drivers\vga.sys
0x041CD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x041F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x045B3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x045BC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x045C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x045D8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0480C000 \SystemRoot\System32\drivers\tcpip.sys
0x04980000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x049AC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x049C9000 \SystemRoot\System32\Drivers\aswFW.SYS
0x045E1000 \SystemRoot\system32\DRIVERS\smb.sys
0x049EB000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x04A04000 \SystemRoot\system32\drivers\afd.sys
0x04A71000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04A7B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04ABF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04ADD000 \SystemRoot\system32\DRIVERS\jswpslwfx.sys
0x04AEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04AF9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04B14000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04B62000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04B6E000 \SystemRoot\System32\Drivers\dfsc.sys
0x04B8B000 \SystemRoot\System32\Drivers\aswSP.SYS
0x04BAE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04BCA000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x04BD2000 \SystemRoot\System32\Drivers\usbvideo.sys
0x02FCC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02000000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x04800000 \SystemRoot\System32\drivers\Dxapi.sys
0x02FDA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x029DA000 \SystemRoot\system32\drivers\luafv.sys
0x021C2000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x02FED000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x1620E000 \SystemRoot\system32\drivers\spsys.sys
0x162A8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x162BC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x162F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x162FB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x16313000 \SystemRoot\system32\drivers\HTTP.sys
0x163B2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x163DA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x021DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x00BD9000 \SystemRoot\system32\drivers\mrxdav.sys
0x007C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x16C04000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x16C4D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x16C6C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x16C9E000 \SystemRoot\System32\DRIVERS\srv.sys
0x16D35000 \SystemRoot\system32\drivers\peauth.sys
0x16DEB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x009E5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x15A0C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x770B0000 \Windows\System32\ntdll.dll

Processes (total 92):
0 System Idle Process
4 System
540 C:\Windows\System32\smss.exe
668 csrss.exe
712 C:\Windows\System32\wininit.exe
732 csrss.exe
768 C:\Windows\System32\services.exe
780 C:\Windows\System32\lsass.exe
788 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
276 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
460 C:\Windows\System32\svchost.exe
640 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\SLsvc.exe
1256 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\svchost.exe
1580 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1588 C:\Windows\System32\wlanext.exe
1656 C:\Program Files\Alwil Software\Avast5\afwServ.exe
1976 C:\Windows\System32\spoolsv.exe
2004 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\agr64svc.exe
1724 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1332 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1288 C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
2068 C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
2204 C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
2280 C:\Windows\System32\svchost.exe
2320 C:\Windows\System32\taskeng.exe
2348 C:\Windows\SysWOW64\rpcnet.exe
2520 C:\Windows\System32\svchost.exe
2552 C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
2620 C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2640 C:\Windows\System32\TODDSrv.exe
2652 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2720 C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2732 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
2756 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2788 C:\Windows\System32\svchost.exe
2824 C:\Windows\System32\SearchIndexer.exe
3024 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
3136 WmiPrvSE.exe
3428 C:\Windows\System32\dwm.exe
3452 C:\Windows\System32\taskeng.exe
3516 C:\Windows\explorer.exe
3932 C:\Windows\System32\igfxtray.exe
3960 C:\Windows\System32\hkcmd.exe
4000 C:\Windows\System32\igfxpers.exe
4028 C:\Windows\RAVCpl64.exe
2984 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2432 C:\Windows\System32\igfxsrvc.exe
2504 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3940 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3620 C:\Program Files\Windows Defender\MSASCui.exe
3440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3796 C:\Windows\vVX3000.exe
3944 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
3972 C:\Windows\ehome\ehtray.exe
3776 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
4104 C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
4160 C:\Windows\ehome\ehmsas.exe
4200 C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
4464 C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
4492 C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
4504 C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
4548 C:\Program Files (x86)\Common Files\aol\1260934181\ee\aolsoftware.exe
4584 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
4772 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4784 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
4800 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4940 C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
5100 C:\Program Files\iPod\bin\iPodService.exe
3672 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
372 C:\Windows\System32\wuauclt.exe
4352 C:\Windows\System32\taskeng.exe
3540 C:\Windows\System32\sdclt.exe
4412 C:\Windows\System32\svchost.exe
2212 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4012 C:\Program Files (x86)\AOL 9.5\waol.exe
2300 C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
2152 C:\Program Files (x86)\AOL 9.5\shellmon.exe
3664 C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
5012 C:\Program Files (x86)\WinZip\WINZIP32.EXE
3988 C:\Windows\explorer.exe
4368 dllhost.exe
3556 dllhost.exe
1252 C:\Users\Puter\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-26VAT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!



Updated JAVA!

Here is the C prompt scan:


Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>




OTL logfile created on: 8/31/2010 12:21:25 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Puter\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.49 Gb Total Space | 75.86 Gb Free Space | 33.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER-PC
Current User Name: Puter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/31 00:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Puter\Downloads\OTL.exe
PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/04/18 21:28:14 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/10/28 10:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\waol.exe
PRC - [2009/10/28 10:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\shellmon.exe
PRC - [2009/07/20 15:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1260934181\ee\aolsoftware.exe
PRC - [2009/05/13 22:05:36 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 21:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/07/10 20:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 22:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/09/28 19:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/04/10 17:46:35 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 00:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Puter\Downloads\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/04/18 21:28:14 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 14:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/05/17 17:45:33 | 000,443,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/28 16:10:45 | 000,012,368 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/23 04:59:10 | 000,097,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/07/18 21:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 19:24:18 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 21:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/18 03:55:22 | 001,133,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/15 13:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/21 13:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 21:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/04/10 17:46:36 | 002,105,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VX3000.sys -- (VX3000)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 02:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 02:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/31 00:14:32 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windiwsfsearch.com/search?q=%s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/wundermap/?lat...gustine%2c%20FL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uvlink.uvu.edu/cp/home/loginf"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/20 01:01:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/30 23:38:23 | 000,000,000 | ---D | M]

[2009/05/23 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Mozilla\Extensions
[2010/08/31 00:09:38 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions
[2009/09/02 19:37:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/11 14:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/09/11 14:45:44 | 000,001,731 | ---- | M] () -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\searchplugins\aol-search.xml
[2010/08/30 23:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/30 23:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/30 23:38:15 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1260934181\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [1618835141] C:\Program Files (x86)\Toshiba Registration\Registration.exe File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Puter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Puter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Puter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/30 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/30 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/30 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\Puter\AppData\Local\WinZip
[2010/08/30 22:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/08/30 22:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/08/24 22:59:53 | 000,000,000 | -HSD | C] -- C:\found.005
[2010/08/22 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Puter\Desktop\gmer
[2010/08/22 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Puter\Desktop\gmer (2)
[2010/08/22 16:51:08 | 000,000,000 | -HSD | C] -- C:\found.004
[2010/08/22 13:10:40 | 000,000,000 | -HSD | C] -- C:\found.003
[2010/08/20 00:47:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/20 00:47:33 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/08/08 13:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/08 12:36:31 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/08/04 01:43:46 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/07/30 00:20:34 | 000,000,000 | ---D | C] -- C:\Users\Puter\AppData\Roaming\Malwarebytes
[2010/07/30 00:20:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/30 00:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/30 00:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 21:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/22 21:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/22 21:32:18 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/21 19:50:20 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Users\Puter\Desktop\remover.exe
[2010/06/25 18:30:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/24 22:02:11 | 000,000,000 | ---D | C] -- C:\Users\Puter\Desktop\New Folder
[2010/06/12 11:08:15 | 000,000,000 | ---D | C] -- C:\Users\Puter\Documents\OneNote Notebooks
[2 C:\Users\Puter\Desktop\*.tmp files -> C:\Users\Puter\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/31 00:20:41 | 003,145,728 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT
[2010/08/31 00:14:32 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/31 00:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/31 00:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/31 00:08:40 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/08/31 00:08:36 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/08/31 00:08:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 00:08:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:08:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:08:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 00:08:02 | 4156,547,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 00:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/31 00:07:04 | 000,065,536 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TM.blf
[2010/08/31 00:06:59 | 002,821,796 | -H-- | M] () -- C:\Users\Puter\AppData\Local\IconCache.db
[2010/08/30 22:59:57 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/08/29 19:13:54 | 000,000,000 | ---- | M] () -- C:\Users\Puter\defogger_reenable
[2010/08/29 19:05:25 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/08/29 19:04:43 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/08/22 22:10:47 | 784,766,757 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/22 20:48:26 | 000,284,915 | ---- | M] () -- C:\Users\Puter\Desktop\gmer (2).zip
[2010/08/22 20:47:32 | 000,284,915 | ---- | M] () -- C:\Users\Puter\Desktop\gmer.zip
[2010/08/22 20:33:22 | 000,525,824 | ---- | M] () -- C:\Users\Puter\Desktop\dds.scr
[2010/08/22 20:30:05 | 000,050,477 | ---- | M] () -- C:\Users\Puter\Desktop\Defogger.exe
[2010/08/22 18:07:31 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/22 16:48:06 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 16:48:06 | 000,065,536 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TM.blf
[2010/08/22 13:21:17 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/22 13:21:17 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/22 13:21:17 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 00:57:41 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 01:01:54 | 000,001,813 | ---- | M] () -- C:\Users\Puter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/20 01:01:53 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/20 00:52:13 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/08/20 00:49:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/20 00:33:36 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 00:20:09 | 000,374,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 00:11:32 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:11:32 | 000,065,536 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TM.blf
[2010/08/12 00:08:11 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 12:33:42 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 12:33:42 | 000,065,536 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TM.blf
[2010/08/02 23:50:39 | 053,136,280 | ---- | M] () -- C:\Users\Puter\Desktop\setup_ais_eng.exe
[2010/08/02 23:02:30 | 000,001,664 | ---- | M] () -- C:\Users\Puter\Desktop\License.avastlic
[2010/07/30 00:32:07 | 000,005,972 | ---- | M] () -- C:\Users\Puter\AppData\Local\d3d9caps.dat
[2010/07/30 00:20:21 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 18:20:42 | 000,031,232 | ---- | M] () -- C:\Users\Puter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 18:19:42 | 000,003,314 | ---- | M] () -- C:\Users\Puter\Documents\License.avastlic
[2010/07/24 18:18:48 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/07/22 21:05:58 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Users\Puter\Desktop\remover.exe
[2010/07/18 19:13:32 | 000,524,288 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 19:13:32 | 000,065,536 | -HS- | M] () -- C:\Users\Puter\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/18 18:18:58 | 000,007,910 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/07/05 19:15:01 | 000,030,608 | ---- | M] () -- C:\Users\Puter\Desktop\Pilot Log.xlsx
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:40:01 | 000,124,496 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/06/28 16:39:49 | 000,432,720 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/06/28 16:39:23 | 000,250,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 16:10:45 | 000,012,368 | ---- | M] () -- C:\Windows\SysNative\drivers\aswNdis.sys
[2010/06/28 12:55:07 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/28 12:53:56 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/28 12:53:55 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/28 12:52:23 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/28 12:52:23 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/28 12:52:22 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/28 12:52:22 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/28 12:52:21 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/28 11:35:36 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/12 11:21:08 | 000,001,094 | ---- | M] () -- C:\Users\Puter\Desktop\old-city-helicopters-coupons.csv
[2010/06/12 11:08:15 | 000,001,152 | ---- | M] () -- C:\Users\Puter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/03 19:22:45 | 000,022,800 | ---- | M] () -- C:\Users\Puter\AppData\Roaming\wklnhst.dat
[2 C:\Users\Puter\Desktop\*.tmp files -> C:\Users\Puter\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 22:59:57 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/08/30 22:23:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/29 19:13:54 | 000,000,000 | ---- | C] () -- C:\Users\Puter\defogger_reenable
[2010/08/22 20:48:25 | 000,284,915 | ---- | C] () -- C:\Users\Puter\Desktop\gmer (2).zip
[2010/08/22 20:47:32 | 000,284,915 | ---- | C] () -- C:\Users\Puter\Desktop\gmer.zip
[2010/08/22 20:33:21 | 000,525,824 | ---- | C] () -- C:\Users\Puter\Desktop\dds.scr
[2010/08/22 20:30:05 | 000,050,477 | ---- | C] () -- C:\Users\Puter\Desktop\Defogger.exe
[2010/08/22 18:07:31 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/22 18:07:31 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 18:07:31 | 000,065,536 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{79423d3b-ae39-11df-a180-00038a000015}.TM.blf
[2010/08/20 01:01:54 | 000,001,813 | ---- | C] () -- C:\Users\Puter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/20 01:01:53 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/20 00:52:13 | 000,121,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/08/20 00:52:13 | 000,020,048 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/08/20 00:52:13 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/08/20 00:52:12 | 000,432,720 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/08/20 00:52:12 | 000,124,496 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/08/20 00:49:29 | 000,250,448 | ---- | C] () -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/08/20 00:49:29 | 000,051,280 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/08/20 00:49:29 | 000,028,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/08/20 00:49:26 | 000,061,008 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/08/20 00:47:52 | 000,427,098 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistMSI7016.txt
[2010/08/20 00:47:48 | 000,011,646 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistUI7016.txt
[2010/08/20 00:47:38 | 000,012,368 | ---- | C] () -- C:\Windows\SysNative\drivers\aswNdis.sys
[2010/08/20 00:20:54 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 00:20:54 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 00:20:54 | 000,065,536 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{10c2e599-ac12-11df-a9d9-00038a000015}.TM.blf
[2010/08/13 23:48:54 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/13 23:48:45 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/13 23:48:45 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/13 23:48:40 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/13 23:48:36 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/13 23:48:30 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/13 23:48:19 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/13 23:48:15 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/13 23:48:07 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/13 23:48:06 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/13 23:48:05 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/13 23:48:03 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/13 23:48:02 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/08/13 23:48:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/08/13 23:48:00 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/08/13 23:47:59 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/13 23:47:58 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/13 23:47:57 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/13 23:47:57 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/13 23:47:57 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/13 23:47:54 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/08/13 23:47:54 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/13 23:47:53 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/13 23:47:52 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/13 23:47:44 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/12 00:05:50 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 00:05:50 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:05:50 | 000,065,536 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{acc37014-a5c6-11df-9870-00038a000015}.TM.blf
[2010/08/02 23:52:47 | 000,337,176 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistMSI15B7.txt
[2010/08/02 23:52:46 | 000,011,422 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistUI15B7.txt
[2010/08/02 23:49:52 | 053,136,280 | ---- | C] () -- C:\Users\Puter\Desktop\setup_ais_eng.exe
[2010/08/02 23:07:40 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/02 23:02:30 | 000,001,664 | ---- | C] () -- C:\Users\Puter\Desktop\License.avastlic
[2010/07/30 00:20:21 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 00:20:16 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/24 18:19:38 | 000,003,314 | ---- | C] () -- C:\Users\Puter\Documents\License.avastlic
[2010/07/22 21:46:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/07/22 21:45:31 | 000,427,828 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistMSI58D9.txt
[2010/07/22 21:45:30 | 000,011,662 | ---- | C] () -- C:\Users\Puter\AppData\Local\dd_vcredistUI58D9.txt
[2010/07/22 21:05:58 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/07/22 21:05:58 | 000,524,288 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/07/22 21:05:58 | 000,065,536 | -HS- | C] () -- C:\Users\Puter\NTUSER.DAT{5cb3d990-95f6-11df-88db-00038a000015}.TM.blf
[2010/07/22 20:03:05 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/07/18 19:14:14 | 4156,547,072 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/25 18:29:40 | 784,766,757 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/24 22:02:46 | 005,041,759 | ---- | C] () -- C:\Users\Puter\Desktop\P5150692.JPG
[2010/06/23 03:00:51 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 03:00:51 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 03:00:46 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/23 03:00:45 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/23 03:00:44 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/23 03:00:27 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 03:00:27 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/23 03:00:27 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 03:00:27 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 03:00:27 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/22 19:50:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/22 19:50:35 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/12 11:19:01 | 000,001,094 | ---- | C] () -- C:\Users\Puter\Desktop\old-city-helicopters-coupons.csv
[2010/06/12 11:08:15 | 000,001,152 | ---- | C] () -- C:\Users\Puter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/06/12 03:55:12 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/12 03:55:09 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/12 03:55:06 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/12 03:54:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/12 03:54:12 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2009/12/15 23:11:50 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/07/29 12:09:25 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/29 12:09:25 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/06/12 11:01:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/01 11:00:18 | 000,031,232 | ---- | C] () -- C:\Users\Puter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/23 20:10:10 | 000,004,096 | -H-- | C] () -- C:\Users\Puter\AppData\Local\keyfile3.drm
[2009/05/23 19:48:34 | 000,022,800 | ---- | C] () -- C:\Users\Puter\AppData\Roaming\wklnhst.dat
[2009/05/23 14:57:39 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/05/23 14:57:39 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/05/23 14:57:39 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2009/05/23 14:54:36 | 000,005,972 | ---- | C] () -- C:\Users\Puter\AppData\Local\d3d9caps.dat
[2009/05/23 14:15:02 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/05/23 14:11:34 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/05/23 12:18:09 | 000,000,015 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/08/14 16:08:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 15:52:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/14 15:52:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/14 15:52:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/14 15:52:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/14 15:52:01 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/14 15:52:01 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/04/10 17:46:36 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== LOP Check ==========

[2009/08/22 10:43:55 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\CVS
[2009/12/19 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Funambol
[2010/04/30 00:54:45 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Research In Motion
[2009/05/23 19:48:35 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Template
[2009/11/06 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\TOSHIBA
[2009/06/10 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Ulead Systems
[2009/08/05 16:11:20 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\WildTangent
[2010/08/31 00:07:06 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/03 21:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2008/03/25 23:53:12 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=18369BF8FD59C22E4C12ABD2A3A5AB2D -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_14d4e8ca930556b0\AGP440.sys
[2008/03/24 23:56:03 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=82EB67122D92A53BBBC33FC731682E10 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_1691e66e904a8cec\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 21:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/03/12 02:55:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2001/08/30 21:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\I386\SYSTEM32\drivers\ATAPI.SYS
[2001/08/31 04:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\MiniNT\system32\drivers\ATAPI.SYS
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/03/12 02:53:06 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 20:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2004/08/19 19:03:14 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\I386\SYSTEM32\drivers\iaStor.sys
[2004/08/20 02:03:14 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\MiniNT\system32\drivers\iaStor.sys
[2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2001/08/16 22:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\SYSTEM32\netlogon.dll
[2001/08/17 05:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\MiniNT\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/01/27 20:11:00 | 000,063,744 | ---- | M] (NVIDIA Corporation) MD5=4B7A1230820ED27834050CB32A0E3B64 -- C:\I386\SYSTEM32\drivers\NvAtaBus.sys
[2004/01/28 03:11:00 | 000,063,744 | ---- | M] (NVIDIA Corporation) MD5=4B7A1230820ED27834050CB32A0E3B64 -- C:\MiniNT\system32\drivers\NvAtaBus.sys

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2001/08/16 22:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SYSTEM32\scecli.dll
[2001/08/17 05:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\MiniNT\system32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >




OTL Extras logfile created on: 8/31/2010 12:21:25 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Puter\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.49 Gb Total Space | 75.86 Gb Free Space | 33.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER-PC
Current User Name: Puter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EC85EA5-8378-41A5-87C1-D8790E9E9B6B}" = rport=137 | protocol=17 | dir=out | app=system |
"{24D85A7C-9141-4360-B7A8-70AA3B1123B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F6DF0FD-00F7-498E-805A-B5919D43650F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{50B03EF0-A598-421C-BADA-6A3964E1AE75}" = lport=137 | protocol=17 | dir=in | app=system |
"{5AACE961-E3E1-4B8F-A19C-C4E8945DAF8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{78F01F78-FB09-4719-9BA3-62AE15A73136}" = rport=139 | protocol=6 | dir=out | app=system |
"{BDFBD389-ABF4-4C9B-829A-B305C9CF8EFC}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEB7A563-0BA9-4C03-91CD-83EAC99BF75C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C046A84E-A8BD-476F-8819-1C6DA8B12DEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4F6A1AA-3F0C-4404-913F-2A8AC947444C}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA7F5F98-2E67-4097-8412-70E54D63A4DC}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B00D6D-F937-4F01-BDAB-AD6FDC1BE338}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{05D4B29B-DEE5-480F-9A5C-96D0CA99EEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{0BFCC704-0CEB-4BF5-B9DE-3945EA8CFED5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1243100075\ee\aolsoftware.exe |
"{11DFF4FF-7EB9-4B6D-A8F7-3A7C6866ADC8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{16387497-3C0F-4D7D-87B7-5C41F687FFE1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1731C390-E579-4ADE-BDD3-B639722EEB6B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{197D7D81-889C-48F5-9022-FF0338289B45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CCAFF2A-C892-4889-B442-5F3CE6B6C1BF}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{3178E18D-F070-4EB2-AC27-75122439160A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{34F0E31D-7B5B-4F56-8C04-9A9DDC48D10E}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{3F3B07A4-BA31-4B61-8E49-A2FBD23B6C72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4C9A45B4-A702-43E1-9EE9-C9F31D263C59}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4DDA95B9-2CDF-422B-8368-C3DEE22A886B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{4F4E3CC5-E813-498E-AF61-8C88620965B3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{55937FF8-EAF7-48A1-AB60-767262AC810D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{64D6CEC2-D872-44B7-8191-584BDCA1A9A8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1243100075\ee\aolsoftware.exe |
"{67C22657-3CDE-4A15-9A4E-2B095554FC10}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6B9F03B3-2D10-46B3-B30C-1CD5AF487F81}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6D14359C-0D59-4A49-97AD-944549A36794}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{6FA98034-6A08-4FC4-89B6-35DA71C51062}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{7AB39B9A-CDA9-497A-BEF4-75550C62AB54}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{7D52CE4A-52FD-4F0D-8FF4-BED4E825B75C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{7F8F294E-F5AA-41C6-8462-402961848218}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{7FCACB1B-628C-4B0E-9CFE-B56ADE3084E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{89EFCFE3-D49F-45EA-96EA-9DBD314B2D29}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |
"{8A764B83-4975-45BD-929E-D75AB8A6A744}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{92BE4E38-1562-48E8-ADAE-00F61025EAAB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{979E6EEA-5231-4F83-8AAB-650072DE82B1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{9E0C7E3C-45AC-400F-B734-5B87F7310D61}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A170A750-C0C4-42AF-89C3-3137856748B8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A1D9CD91-A7F6-4C45-B7DF-7786773DD458}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A470FE23-A69F-4A0B-A976-8DFD4B8E5DDB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A527737B-0CAD-4F9D-AEB9-962729D6B838}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AE25DD32-539A-48BD-B6F2-90084E486BB2}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{B57A2BFC-E96B-4A52-993B-3C93DEB2D496}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B5941451-F496-4D3C-8C63-7ADCD842AC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{B8159DE7-71FD-4C0F-A769-E116AEFE4FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B97F7A1E-C51B-4339-B05D-8D2D8D63EBB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD372C2B-208A-4DDA-92CC-201881C3CAEB}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{C0A5C3AE-D04B-4104-AD3D-9C3260ADD141}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{C10FDCF2-8200-448B-9F9D-C8CB66177CEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C9BCA51E-9A0A-45F0-ACAD-982A6DC5C958}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{CDE92598-6368-4D65-88D3-3719A6329A3E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1260934181\ee\aolsoftware.exe |
"{D6D7FA71-3454-4969-9E95-DA66BA659629}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E293AC18-75EE-47E5-AD71-4AC3EEA273BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E77C8C3C-94CF-4464-BF78-B4C4D09ECDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E85627B5-770D-41E0-BFCD-4812F61D4668}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E9349C19-DECE-4D84-A24E-51A964446FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1260934181\ee\aolsoftware.exe |
"{ECBCE4CC-6D87-4DED-B1F8-97A53684851C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{EDB8385E-4F3C-49F7-8603-3AA8F11B4701}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{F5B040C5-B91C-4361-AE41-9E6FAD218D63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F8E6D8E1-8E9A-4654-95DE-17095222897A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{FB1DFC40-572D-4148-BBF6-6C0F550955C4}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |
"TCP Query User{DF6C6FD7-846D-4A29-9476-92B900BD8E89}C:\program files (x86)\aol 9.1a\waol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |
"UDP Query User{41CE5C5C-3026-4EF9-A377-825978222ACF}C:\program files (x86)\aol 9.1a\waol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast5" = avast! Internet Security
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"Funambol Outlook Sync Client" = Funambol Outlook Sync Client 7.2.2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2010 12:37:48 AM | Computer Name = Puter-PC | Source = ESENT | ID = 489
Description = Windows (4800) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 8/20/2010 12:37:48 AM | Computer Name = Puter-PC | Source = ESENT | ID = 455
Description = Windows (4800) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 8/20/2010 12:37:48 AM | Computer Name = Puter-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 8/20/2010 12:37:48 AM | Computer Name = Puter-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/20/2010 12:38:19 AM | Computer Name = Puter-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/20/2010 12:40:02 AM | Computer Name = Puter-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\asOutExt.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/20/2010 12:44:28 AM | Computer Name = Puter-PC | Source = ESENT | ID = 489
Description = Windows (2476) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 8/20/2010 12:44:28 AM | Computer Name = Puter-PC | Source = ESENT | ID = 455
Description = Windows (2476) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 8/20/2010 12:44:38 AM | Computer Name = Puter-PC | Source = ESENT | ID = 489
Description = Windows (2476) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 8/20/2010 12:44:38 AM | Computer Name = Puter-PC | Source = ESENT | ID = 455
Description = Windows (2476) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

[ Media Center Events ]
Error - 6/9/2009 10:36:05 AM | Computer Name = Puter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/3/2009 11:57:42 PM | Computer Name = Puter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/30/2010 10:28:22 PM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/30/2010 10:29:42 PM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/30/2010 10:43:28 PM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/30/2010 11:12:37 PM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/30/2010 11:12:49 PM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/30/2010 11:40:41 PM | Computer Name = Puter-PC | Source = HTTP | ID = 15016
Description =

Error - 8/30/2010 11:41:53 PM | Computer Name = Puter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/31/2010 12:08:28 AM | Computer Name = Puter-PC | Source = HTTP | ID = 15016
Description =

Error - 8/31/2010 12:09:36 AM | Computer Name = Puter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/31/2010 12:14:32 AM | Computer Name = Puter-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >



I have been working on this for a couple of hours. So far, no crashing.

Thanks again.

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:19 PM

Posted 31 August 2010 - 02:02 PM

Hello,

Let's do some cleanup and checking for any malware.

1.
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE:64bit: - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windiwsfsearch.com/search?q=%s
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/wundermap/?lat...gustine%2c%20FL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
    O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [1618835141] C:\Program Files (x86)\Toshiba Registration\Registration.exe File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

    :commands
    [emptytemp]
    [Reboot]
    [Createrestorepoint]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

2.
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

4.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

5.
    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply:
OTL fix log
MBAM log
Eset log
Tdss log
The new OTL and Extra.txt

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 i5staniel

i5staniel
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:19 PM

Posted 31 August 2010 - 10:55 PM

Well, on start up I got a black screen with:

Window Activation

An unauthorized change was made to windows.

Windows has discovered a change that will result in limited Windows functionality. Use the link below to find out how to fix windows.

--->Learn more online

---> Close

Close or X slowly gets me to a log in screen that then takes me back to this same screen.

I shut down from the log on screen. Then it started fine the next time.


Eset won't run a full scan. The farthest I got was 68%. I tried 4 times. The other 3 times it only made it to 43% or 49% before freezing. Twice it checked disc for consistency.







All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\1618835141 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hp owner
->Temp folder emptied: 113324 bytes
->Temporary Internet Files folder emptied: 414088 bytes

User: Public

User: Puter
->Temp folder emptied: 296057270 bytes
->Temporary Internet Files folder emptied: 239897656 bytes
->Java cache emptied: 8724599 bytes
->FireFox cache emptied: 91135414 bytes
->Google Chrome cache emptied: 7608956 bytes
->Flash cache emptied: 146232 bytes

User: Stan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138717707 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 323027824 bytes

Total Files Cleaned = 1,055.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.11.0 log created on 08312010_195132

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPW3LDJD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2YDRKGT\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WE1G3BT\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41MJ81FE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...







Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4518

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/31/2010 8:09:40 PM
mbam-log-2010-08-31 (20-09-40).txt

Scan type: Quick scan
Objects scanned: 156610
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET won't complete a full scan.

TDSSKiller.exe turned up nothing to report.

OTL logfile created on: 8/31/2010 11:39:23 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Puter\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.49 Gb Total Space | 75.34 Gb Free Space | 33.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER-PC
Current User Name: Puter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/31 00:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Puter\Desktop\OTL.exe
PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/04/18 21:28:14 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/10/28 10:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\waol.exe
PRC - [2009/10/28 10:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\shellmon.exe
PRC - [2009/07/20 15:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1260934181\ee\aolsoftware.exe
PRC - [2009/05/13 22:05:36 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 21:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/12/13 22:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/09/28 19:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/04/10 17:46:35 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 00:20:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Puter\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/04/18 21:28:14 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 14:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/05/17 17:45:33 | 000,443,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/28 16:10:45 | 000,012,368 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/23 04:59:10 | 000,097,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/07/18 21:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 19:24:18 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 21:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/18 03:55:22 | 001,133,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/15 13:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/21 13:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 21:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/04/10 17:46:36 | 002,105,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VX3000.sys -- (VX3000)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 02:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 02:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/31 00:14:32 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uvlink.uvu.edu/cp/home/loginf"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/20 01:01:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/30 23:38:23 | 000,000,000 | ---D | M]

[2009/05/23 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Mozilla\Extensions
[2010/08/31 23:06:52 | 000,000,000 | ---D | M] -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions
[2009/09/02 19:37:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/11 14:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/09/11 14:45:44 | 000,001,731 | ---- | M] () -- C:\Users\Puter\AppData\Roaming\Mozilla\Firefox\Profiles\pogf8f76.default\searchplugins\aol-search.xml
[2010/08/30 23:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/30 23:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/30 23:38:15 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1260934181\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Puter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Puter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Puter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 22:58:33 | 001,210,704 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Puter\Desktop\tdsskiller.exe
[2010/08/31 20:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/31 19:51:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/31 00:20:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Puter\Desktop\OTL.exe
[2010/08/30 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/30 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/30 23:38:23 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/30 23:38:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/30 23:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/30 23:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/30 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\Puter\AppData\Local\WinZip
[2010/08/30 22:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/08/30 22:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/08/24 22:59:53 | 000,000,000 | -HSD | C] -- C:\found.005
[2010/08/22 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Puter\Desktop\gmer
[2010/08/22 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Puter\Desktop\gmer (2)
[2010/08/22 16:51:08 | 000,000,000 | -HSD | C] -- C:\found.004
[2010/08/22 13:10:40 | 000,000,000 | -HSD | C] -- C:\found.003
[2010/08/20 00:47:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/20 00:47:33 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/08/13 23:48:36 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/13 23:48:34 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/13 23:48:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/08/13 23:47:58 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/08/13 23:47:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/08/13 23:47:56 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/08/13 23:47:56 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/13 23:47:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/13 23:47:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/13 23:47:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/08/08 13:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/08 12:36:31 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/08/04 01:43:46 | 000,000,000 | -HSD | C] -- C:\found.001
[2 C:\Users\Puter\Desktop\*.tmp files -> C:\Users\Puter\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >

< MD5 for: ATAPI.SYS >

< MD5 for: CNGAUDIT.DLL >

< MD5 for: IASTOR.SYS >

< MD5 for: IASTORV.SYS >

< MD5 for: NETLOGON.DLL >

< MD5 for: NVATABUS.SYS >

< MD5 for: NVSTOR.SYS >

< MD5 for: SCECLI.DLL >

< %systemroot%\*. /mp /s >
< End of report >




There was no extra file.

Thanks!

#8 fireman4it


Posted 01 September 2010 - 03:10 PM

Hello,

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 i5staniel


Posted 01 September 2010 - 11:17 PM

Hey,

I got the same Windows Activation black screen on start up. Shut down, restarted and tried to run an Avast full scan. It made it 44 minutes/ 23% before it crashed. It seems that it doesn't like scans.

Overall it seems like it lasts longer and crashes less often than it did before, but still the same problem.

Thanks.

#10 fireman4it


Posted 02 September 2010 - 01:00 PM

Hello,

It might be an AOL corrupted install. I would delete all AOL associated products and reinstall them. See if that fixes your issues.

" Extinguishing Malware from the world"



#11 i5staniel


Posted 03 September 2010 - 11:28 PM

I think that did it.

I put it through its paces and it hasn't skipped a beat.

Thank you so much for all of your help!

#12 fireman4it


Posted 04 September 2010 - 04:43 PM

Hello,

You are most welcome. Glad to see your machine is back to normal.





This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send a Private Message to any one of the moderating team members or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

" Extinguishing Malware from the world"





