Here you go
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-06-29 19:06:37
Windows 5.1.2600 Service Pack 2
Running: 6046ii0v.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\pwriyfog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA26CCD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA26CB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA26D142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA26D06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA26C764]
SSDT spqv.sys ZwEnumerateKey [0xF76CACA2]
SSDT spqv.sys ZwEnumerateValueKey [0xF76CB030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA26CC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA26C6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA26C708]
SSDT spqv.sys ZwQueryKey [0xF76CB108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA26CD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA26D210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA26CD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA26CEC8]
INT 0x62 ? 86F65BF8
INT 0x63 ? 86E2EBF8
INT 0x82 ? 86F65BF8
INT 0x94 ? 86E2EBF8
INT 0xA4 ? 86E2EBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA279B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA2799C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA279AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 8056DBBF 5 Bytes JMP AA276F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DE25 7 Bytes JMP AA2799C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP AA279BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805D1CC4 7 Bytes JMP AA279AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E38C6 5 Bytes JMP AA2755B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spqv.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6E4A62C 3 Bytes JMP 86E2E1D8
.text USBPORT.SYS!DllUnload + 4 F6E4A630 1 Byte [8F]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6E2EEBF]
.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF7AD8814]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0101000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0102000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[880] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0100000C
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0095000A
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 012A000A
.text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BB000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B0000C
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F682D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76DDC4C] spqv.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76DDCA0] spqv.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76AD040] spqv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76AD13C] spqv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76AD0BE] spqv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76AD7FC] spqv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76AD6D2] spqv.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E2E2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76BD048] spqv.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[796] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[796] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 86F641F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom 86B0D1F8
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 86B0D1F8
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 86DAD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD61F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD61F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD61F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD61F8
Device \Driver\usbehci \Device\USBPDO-1 86E161F8
Device \Driver\usbuhci \Device\USBPDO-2 86DAD1F8
Device \Driver\usbuhci \Device\USBPDO-3 86DAD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CC3653A9-B7FF-4A1D-8B76-5332BACC3085} 86B08500
Device \Driver\usbuhci \Device\USBPDO-4 86DAD1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F661F8
Device \Driver\Cdrom \Device\CdRom0 86E12500
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F661F8
Device \Driver\atapi \Device\Ide\IdePort0 86F651F8
Device \Driver\atapi \Device\Ide\IdePort1 86F651F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86F651F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86B08500
Device \Driver\NetBT \Device\NetbiosSmb 86B08500
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 86DAD1F8
Device \Driver\usbuhci \Device\USBFDO-1 86DAD1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A861F8
Device \Driver\usbuhci \Device\USBFDO-2 86DAD1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86A861F8
Device \Driver\usbuhci \Device\USBFDO-3 86DAD1F8
Device \Driver\usbehci \Device\USBFDO-4 86E161F8
Device \Driver\Ftdisk \Device\FtControl 86F661F8
Device \FileSystem\Cdfs \Cdfs 86291400
Device \FileSystem\Cdfs \Cdfs AA3B8BCE
Device -> \Driver\atapi \Device\Harddisk0\DR0 86D25EC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0x06 0xF4 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xBF 0x6B 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0x06 0xF4 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xBF 0x6B 0xD3 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 6/29/2010 2:15:56 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 52.79 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSHIBA-USER
Current User Name: Brian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SMCB000) -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS (SMSC)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BoiHwsetup) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (CEUSBAUD) DigiTech USB MIDI Driver (MIDI) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (RVIEG01) -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys (Roland)
DRV - (EUSBMSD) -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS (SCM Microsystems Inc.,)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://us.mc328.mail.yahoo.com/mc/welco ... ujKoKsMlC4IE - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc328.mail.yahoo.com/mc/welcome?.gx=1&.rand=cihqt51i7bjd2&noFlush=&mcrumb=xujKoKsMlC4"
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems:
personas@christopher.beard:1.5.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 12:13:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 12:13:53 | 000,000,000 | ---D | M]
[2009/04/06 08:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Extensions
[2010/06/28 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\w60x688n.default\extensions
[2010/05/23 14:19:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\w60x688n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/24 08:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\w60x688n.default\extensions\personas@christopher.beard
[2009/08/30 19:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Mozilla\Sunbird\Profiles\xankea2c.default\extensions
[2009/04/06 08:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2007/07/11 15:28:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe File not found
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005..\Run: [BlazeServoTool] C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe File not found
O4 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
O4 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005..\Run: [upacgdgujgyc] c:\documents and settings\brian\local settings\application data\gpwsds\luooxlt.exe File not found
O4 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3744200471-3502680536-1838303885-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/01 01:00:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/01 01:00:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/01 01:00:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/01 01:00:38 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microso ... 2352040281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://C:\Program Files\BookWorm\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
http://content.systemrequirementslab.co ... 1.66.0.cab (SysInfo Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
http://games.myspace.com/Gameshell/Game ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 17:28:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2100/02/08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2010/06/29 14:11:21 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe
[2010/06/29 13:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/06/29 07:04:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/27 22:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Desktop\New Folder (2)
[2010/06/27 22:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xacvahakg
[2010/06/27 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/27 22:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Facebook
[2010/06/17 09:38:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brian\IECompatCache
[2010/06/16 16:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/16 16:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/14 14:23:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brian\PrivacIE
[2010/06/14 13:19:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brian\IETldCache
[2010/06/14 13:11:40 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/14 13:11:40 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/14 13:11:40 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/14 13:11:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/14 13:11:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/14 13:11:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/14 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/14 13:08:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/06/14 13:08:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/06/14 08:56:22 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2010/06/04 10:07:43 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/04 10:07:42 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/04 10:07:41 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/04 10:07:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/04 10:07:37 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/04 10:07:37 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/04 10:07:36 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/04 10:07:22 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/04 10:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/04 10:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/31 20:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software
[2010/05/31 12:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\Downloads
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/06/29 14:14:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\6046ii0v.exe
[2010/06/29 14:13:15 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2010/06/29 14:11:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe
[2010/06/29 13:44:13 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/29 13:44:13 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/29 13:44:13 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/29 13:41:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 13:39:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/29 13:39:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/29 13:39:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/29 13:38:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/29 13:38:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 13:37:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Brian\ntuser.ini
[2010/06/29 13:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/29 07:04:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 17:43:08 | 000,047,286 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\coupon6-2010Lg.pdf
[2010/06/25 12:29:18 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\HiJackThis.lnk
[2010/06/25 08:37:35 | 000,035,482 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\wklnhst.dat
[2010/06/24 22:36:59 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/16 07:54:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/14 13:10:04 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/14 00:33:19 | 011,240,779 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\SSE2010.pdf
[2010/06/09 09:17:00 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 08:32:04 | 002,005,588 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/07 12:21:51 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\ddddd.wps
[2010/06/01 12:01:09 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/01 11:58:55 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\D1BEC64EE5.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2100/02/23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2010/06/29 14:14:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\6046ii0v.exe
[2010/06/27 13:29:47 | 000,129,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/26 17:43:06 | 000,047,286 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\coupon6-2010Lg.pdf
[2010/06/25 12:29:18 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\HiJackThis.lnk
[2010/06/14 13:10:04 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/14 00:33:19 | 011,240,779 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\SSE2010.pdf
[2010/06/07 11:51:57 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\ddddd.wps
[2010/05/27 08:40:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/11 12:33:04 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngineDrive1.sys
[2009/03/08 13:48:59 | 000,010,061 | ---- | C] () -- C:\WINDOWS\PlantStudio2.ini
[2009/01/12 23:05:46 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\0810be8f-b2fd-4cfc-bbc2-e45e10a7568b.dll
[2008/11/14 22:39:10 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2008/08/21 16:11:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/13 10:31:50 | 000,000,235 | ---- | C] () -- C:\WINDOWS\caligari.ini
[2008/06/13 10:31:24 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2008/06/13 10:31:24 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2008/06/13 10:30:57 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\OPENGL.DLL
[2008/06/13 10:30:56 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\GLU.DLL
[2008/05/01 09:03:23 | 000,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2007/06/21 06:23:39 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/06/21 06:23:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/06/21 06:23:34 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/06/21 06:23:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/06/21 06:23:34 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/06/21 06:23:21 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/05/02 17:24:54 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/05/02 16:42:46 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/29 12:08:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/03 11:59:54 | 006,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2007/02/10 17:15:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS820.ini
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/23 10:55:21 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/01/23 10:55:05 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/01/23 10:55:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/01/22 21:46:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/05 16:00:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/11/20 17:25:16 | 001,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/11/20 17:25:02 | 004,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2006/03/03 15:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 19:54:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/02 19:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/02 19:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/02 19:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/02 19:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/02 19:48:13 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 19:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/02 19:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/02 19:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/02 19:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/02 19:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/02 19:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 19:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 19:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/02 18:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/02 17:35:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 17:23:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 14:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 14:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 15:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/09/02 18:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001/10/12 03:40:21 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[1999/04/20 04:15:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dllcache\nlsfunc.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe:SummaryInformation
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F157E3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0302598E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B13EE36
< End of report >
OTL Extras logfile created on: 6/29/2010 2:15:56 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 52.79 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSHIBA-USER
Current User Name: Brian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06230E02-2B7E-11D2-92D0-0040051BD005}" = OLYMPUS CAMEDIA Master 2.5
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{33C4EB36-EA6B-4F8F-9AE0-4E6BE5D7B210}" = DigiTech X-Edit 2.3
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{805B2966-0CFB-4DD2-9307-B397C1EA4D14}" = Sony ACID Music Studio 6.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}" = StuffIt 12
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6F30B34-BB11-49B0-942D-10EF20C4EB2B}" = Toshiba Hotkey Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23F9E40-E6E5-11D4-89B3-00201856C449}" = Tassman DXi SE 2.0
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34D3BF3-5A89-46B0-974B-4513121B7338}" = StroboSoft
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12PAK_Video_is1" = 12 PAK Video
"25PAK_Video_is1" = 25 PAK Video
"Absolute Fretboard Trainer PRO" = Absolute Fretboard Trainer PRO
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.2
"Applian FLV Player2.0.23" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"bb_is1" = RealDrums Set 3c - HipHop and CountryShuffle
"BB2007NEW_is1" = Band-in-a-Box 2007 New Features Video
"BBforBozosVideo_is1" = Band-in-a-Box for Bozos Video
"BluesPianist_is1" = Blues Pianist Volume 2
"Bryce" = Bryce 5.5c
"Carrara Studio" = Carrara Studio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"Color Efex Pro 3.0 Wacom Edition 6" = Color Efex Pro 3.0 Wacom Edition 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON Printer Software
"Eye Candy 4000" = Eye Candy 4000
"EZ Vinyl Converter by MixMeister_is1" = EZ Vinyl Converter 2.0.0 by MixMeister
"Film Factory" = Film Factory
"g_ch_dict_001_is1" = Guitar Chord Dictionary
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GuitarScalesMethod_is1" = GSM 1.1.4.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HyperStudio 4 Player" = HyperStudio 4 Player
"Ink Monitor" = Ink Monitor
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KPT3" = c:\program files\adobe\photoshop 6.0\plug-ins\KPT3~1.0PR
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"OneTouch Version 3.0" = OneTouch Version 3.0
"p_ch_dict_001_is1" = Piano Chord Dictionary
"PaperPort 7.0" = PaperPort 7.0
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"Poser 4" = Poser 4
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Proteus VX" = Proteus VX
"RealDrumsVideo_is1" = RealDrums Video
"REAPER" = REAPER
"RSX2DeinstKey" = Intel RSX 3D
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Starry Night Backyard 4" = Starry Night Backyard 4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"trueSpace42DeinstKey" = Caligari trueSpace4.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WM Recorder 12.0" = WM Recorder 12.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3744200471-3502680536-1838303885-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 6/29/2010 11:16:42 AM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 11:16:42 AM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:24:09 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:24:09 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:24:11 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:24:11 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:38:40 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:38:40 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:38:42 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 6/29/2010 1:38:42 PM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ System Events ]
Error - 6/29/2010 7:27:02 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2
Error - 6/29/2010 11:16:42 AM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/29/2010 11:16:42 AM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/29/2010 11:18:34 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2
Error - 6/29/2010 1:24:13 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/29/2010 1:24:13 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/29/2010 1:25:58 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2
Error - 6/29/2010 1:38:44 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/29/2010 1:38:44 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/29/2010 1:40:45 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2
< End of report >